CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6419 – Nova: Metadata queries from Neutron to Nova are not restricted by tenant
https://notcve.org/view.php?id=CVE-2013-6419
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron. Error de interacción en OpenStack Nova y Neutron anteriores a Havana 2013.2.1 e icehouse-1 no valida el ID de la instancia del inquilino haciendo una petición, lo cual permite a inquilinos remotos obtener metadatos sensibles falseando el ID del dispositivo ligado a un puerto, lo cual no es manejado adecuadamente por (1) api/metadata/handler.py en Nova y (2) el neutron-metadata-agent (agent/metadata/agent.py) en Neutron. • http://rhn.redhat.com/errata/RHSA-2014-0091.html http://rhn.redhat.com/errata/RHSA-2014-0231.html http://www.openwall.com/lists/oss-security/2013/12/11/8 http://www.securityfocus.com/bid/64250 https://bugs.launchpad.net/neutron/+bug/1235450 https://review.openstack.org/#/c/61428/2/nova/api/metadata/handler.py https://review.openstack.org/#/c/61439/1/neutron/agent/metadata/agent.py https://access.redhat.com/security/cve/CVE-2013-6419 https://bugzill • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0CVE-2013-2030
https://notcve.org/view.php?id=CVE-2013-2030
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. keystone/middleware/auth_token.py en OpenStack Nova Folsom, Grizzly, y Havana, utiliza un directorio temporal inseguro para almacenar certificados de firma, lo cual permite a usuarios locales impersonar servidores mediante la creación previa de este directorio, que es reutilizado por Nova, como se muestra utilizando /tmp/keystone-signing-nova en Fedora. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html http://www.openwall.com/lists/oss-security/2013/05/09/2 https://bugs.launchpad.net/nova/+bug/1174608 https://bugzilla.redhat.com/show_bug.cgi?id=958285 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2013-6426 – Heat: CFN policy rules not all enforced
https://notcve.org/view.php?id=CVE-2013-6426
The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method. El API compatible con CloudFormation en API OpenStack orquestación (Heat) antes de Habana 2013.2.1 y anterior a Icehouse Icehouse-2 no aplica correctamente las reglas de política, lo que permite a los usuarios locales en la instancia evitar las restricciones de acceso establecidas y, (1) crear una pila a través de el método CreateStack o, (2) actualizar una pila a través del método UpdateStack. • http://rhn.redhat.com/errata/RHSA-2014-0090.html http://www.openwall.com/lists/oss-security/2013/12/11/9 http://www.securityfocus.com/bid/64243 https://bugs.launchpad.net/heat/+bug/1256049 https://exchange.xforce.ibmcloud.com/vulnerabilities/89658 https://access.redhat.com/security/cve/CVE-2013-6426 https://bugzilla.redhat.com/show_bug.cgi?id=1039141 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2013-6428 – Heat: ReST API doesn't respect tenant scoping
https://notcve.org/view.php?id=CVE-2013-6428
The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path. La API ReST en API OpenStack Orchestration API (Heat) anterior de a Habana 2013.2.1 y Icehouse anterior a Icehouse-2 permite a usuarios remotos autenticados eludir la restricciones de uso de inquilinos a través de un tenant_id modificado en la ruta de solicitud. • http://rhn.redhat.com/errata/RHSA-2014-0090.html http://seclists.org/oss-sec/2013/q4/479 https://launchpad.net/bugs/1256983 https://access.redhat.com/security/cve/CVE-2013-6428 https://bugzilla.redhat.com/show_bug.cgi?id=1039144 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 1CVE-2013-6391 – Keystone: trust circumvention through EC2-style tokens
https://notcve.org/view.php?id=CVE-2013-6391
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request. La API ec2tokens en OpenStack Identity (Keystone) anterior a de Havana 2013.2.1 y Icehouse anterior Icehouse-2 no devuelve una token de confianza de ámbito cuando se recibe uno, lo que permite a los usuarios la confianza remotos obtener privilegios mediante la generación de credenciales EC2 a partir de un token de confianza de ámbito y usándolo una solicitud API ec2tokens • http://rhn.redhat.com/errata/RHSA-2014-0089.html http://secunia.com/advisories/56079 http://secunia.com/advisories/56154 http://www.openwall.com/lists/oss-security/2013/12/11/7 http://www.securityfocus.com/bid/64253 http://www.ubuntu.com/usn/USN-2061-1 https://bugs.launchpad.net/keystone/+bug/1242597 https://exchange.xforce.ibmcloud.com/vulnerabilities/89657 https://access.redhat.com/security/cve/CVE-2013-6391 https://bugzilla.redhat.com/show_bug.cgi?id=1039164 • CWE-269: Improper Privilege Management •