Insecure Temporary Directory Vulnerability in OpenStack Nova by OpenStack
CVE-2013-2030

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
27 December 2013

Summary

The OpenStack Nova services Folsom, Grizzly, and Havana are susceptible to a vulnerability involving the use of an insecure temporary directory for storing signing certificates. This issue allows local users to potentially spoof servers by pre-creating the designated directory used by Nova for keystone middleware. This vulnerability was demonstrated with the directory path '/tmp/keystone-signing-nova' on Fedora systems. Users of OpenStack Nova should assess their deployments for this vulnerability to mitigate risks associated with unauthorized access.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.