CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2013-6428 – Heat: ReST API doesn't respect tenant scoping
https://notcve.org/view.php?id=CVE-2013-6428
The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path. La API ReST en API OpenStack Orchestration API (Heat) anterior de a Habana 2013.2.1 y Icehouse anterior a Icehouse-2 permite a usuarios remotos autenticados eludir la restricciones de uso de inquilinos a través de un tenant_id modificado en la ruta de solicitud. • http://rhn.redhat.com/errata/RHSA-2014-0090.html http://seclists.org/oss-sec/2013/q4/479 https://launchpad.net/bugs/1256983 https://access.redhat.com/security/cve/CVE-2013-6428 https://bugzilla.redhat.com/show_bug.cgi?id=1039144 • CWE-264: Permissions, Privileges, and Access Controls •