Access Control Flaw in OpenStack Orchestration API - Heat
CVE-2013-6426

Currently unrated

Key Information:

Vendor
OpenStack
Status
Vendor
CVE Published:
14 December 2013

Summary

The OpenStack Orchestration API (Heat), in releases prior to the specified versions, does not properly enforce policy rules. Local users on the same instance can exploit the CreateStack and UpdateStack methods to create or modify stacks without authorization. This can compromise the integrity and security of cloud-based resources by allowing unintended alterations to configurations and deployments.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
