Your submission was sent successfully! Close

CVE-2013-6426

Published: 11 December 2013

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

Priority

Medium

Status

Package Release Status
heat
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

saucy Ignored
(reached end-of-life)
trusty Does not exist
(trusty was not-affected [2014.1~rc1-0ubuntu1])
upstream
Released (2014.1.rc1)
utopic Not vulnerable
(2014.1~rc1-0ubuntu1)