Configuration File Permission Vulnerability in Puppet Labs Cinder Module
CVE-2013-0266
Currently unrated
Summary
The Puppet Labs Cinder module, utilized in OpenStack environments, has a security flaw where the (1) cinder.conf and (2) api-paste.ini files possess world-readable permissions. This misconfiguration allows local users to access sensitive OpenStack administrative credentials by reading these configuration files, potentially compromising the entire OpenStack deployment.
References
Timeline
Vulnerability published
Vulnerability Reserved