CVE-2013-0266

Summary

A flaw was found in the puppetlabs-cinder module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the cinder.conf and api-paste.ini configuration files. A local user can exploit this by reading these files, which leads to the disclosure of OpenStack administrative passwords. This information disclosure could allow unauthorized access to sensitive OpenStack resources.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-276: Incorrect Default Permissions

ADP Enrichment

CVE Program Container

Additional References

References