Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0030

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2012-0030
Last Modified 17 Jan 2012 12:00:00
Published 13 Jan 2012 01:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-0030

Summary

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.

Vulnerable Systems

Operating System

  • Ubuntu 11.10

Application

  • Openstack Essex

  • Openstack Nova 2011.3


References

MLIST - [openstack] 20120111 [OSSA 2012-001] Tenant bypass by authenticated users using OpenStack API (CVE-2012-0030)

CONFIRM - https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0

XF - nova-security-bypass(72296)

UBUNTU - USN-1326-1

BID - 51370

SECUNIA - 47543


Last Updated: 27 May 2016 10:57:19