Insecure Temporary Directory Vulnerability in OpenStack Nova by OpenStack
CVE-2013-2030
Currently unrated
Key Information:
Summary
The OpenStack Nova services Folsom, Grizzly, and Havana are susceptible to a vulnerability involving the use of an insecure temporary directory for storing signing certificates. This issue allows local users to potentially spoof servers by pre-creating the designated directory used by Nova for keystone middleware. This vulnerability was demonstrated with the directory path '/tmp/keystone-signing-nova' on Fedora systems. Users of OpenStack Nova should assess their deployments for this vulnerability to mitigate risks associated with unauthorized access.
References
Timeline
Vulnerability published
Vulnerability Reserved