CVE-2013-0266
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A flaw was found in the puppetlabs-cinder module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the cinder.conf and api-paste.ini configuration files. A local user can exploit this by reading these files, which leads to the disclosure of OpenStack administrative passwords. This information disclosure could allow unauthorized access to sensitive OpenStack resources.
Affected Software
| Vendor | Product | Version Range | Status |
|---|
Weaknesses
- CWE-276: Incorrect Default Permissions
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=908581
- https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc
- http://rhn.redhat.com/errata/RHSA-2013-0595.html
References
- http://rhn.redhat.com/errata/RHSA-2013-0595.html
- https://access.redhat.com/security/cve/CVE-2013-0266
- https://bugzilla.redhat.com/show_bug.cgi?id=908581
- https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.