Access Control Flaw in OpenStack Orchestration API - Heat
CVE-2013-6426

Currently unrated

Key Information:

Vendor: Openstack
Status: Heat
Vendor: CVE Published:; 14 December 2013

Summary

The OpenStack Orchestration API (Heat) prior to the specified versions lacks proper enforcement of policy rules. This vulnerability enables local users on the same instance to exploit the CreateStack and UpdateStack methods, leading to unauthorized stack creation or manipulation. This breach can compromise the integrity and security of cloud-based resources by allowing unintended alterations to configurations and deployments.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/89658

vdb-entryx_refsource_XF

http://rhn.redhat.com/errata/RHSA-2014-0090.html

vendor-advisoryx_refsource_REDHAT

https://bugs.launchpad.net/heat/+bug/1256049

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 14, 2013
Vulnerability Reserved
Nov 4, 2013