Access Control Flaw in OpenStack Orchestration API - Heat
CVE-2013-6426
Currently unrated
Summary
The OpenStack Orchestration API (Heat) prior to the specified versions lacks proper enforcement of policy rules. This vulnerability enables local users on the same instance to exploit the CreateStack and UpdateStack methods, leading to unauthorized stack creation or manipulation. This breach can compromise the integrity and security of cloud-based resources by allowing unintended alterations to configurations and deployments.
References
Timeline
Vulnerability published
Vulnerability Reserved