CVE-2012-0030
Published: 11 January 2012
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
nova Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
|
Patches: Other: https://bugs.launchpad.net/nova/+bug/904072 |
||
Notes
| Author | Note |
|---|---|
| jdstrand | discussion in '[vs-plain] OpenStack Nova vulnerability (Tenant bypass by authenticated users using OpenStack API)' requires authenticated user per upstream (ttx), Ubuntu 10.10 and 11.04 are not affected |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0030
- https://usn.ubuntu.com/usn/usn-1326-1
- NVD
- Launchpad
- Debian