CVE-2013-6426

Currently unrated

Key Information:

Vendor: Openstack
Status: Heat
Vendor: CVE Published:; 14 December 2013

Summary

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/89658

vdb-entryx_refsource_XF

http://rhn.redhat.com/errata/RHSA-2014-0090.html

vendor-advisoryx_refsource_REDHAT

https://bugs.launchpad.net/heat/+bug/1256049

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 14, 2013
Vulnerability Reserved
Nov 4, 2013