CVE-2012-0030

Published: 11 January 2012

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.

Priority

Medium

Status

Package Release Status
nova
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Other: https://bugs.launchpad.net/nova/+bug/904072

Notes

AuthorNote
jdstrand
discussion in '[vs-plain] OpenStack Nova vulnerability (Tenant
bypass by authenticated users using OpenStack API)'
requires authenticated user
per upstream (ttx), Ubuntu 10.10 and 11.04 are not affected

References

Bugs