Configuration File Permission Vulnerability in Puppet Labs Cinder Module
CVE-2013-0266

Currently unrated

Key Information:

Vendor
Openstack
Vendor
CVE Published:
8 March 2013

Summary

The Puppet Labs Cinder module, utilized in OpenStack environments, has a security flaw where the (1) cinder.conf and (2) api-paste.ini files possess world-readable permissions. This misconfiguration allows local users to access sensitive OpenStack administrative credentials by reading these configuration files, potentially compromising the entire OpenStack deployment.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.