CVE-2013-6428

Published: 11 December 2013

The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path.

Notes

Author	Note
mdeslaur	OSSA 2013-035

Priority

Status

Package	Release	Status
heat Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Ignored (end of life)
	trusty	Does not exist (trusty was not-affected [2014.1~rc1-0ubuntu1])
	upstream	Released (2014.1.rc1)

References

http://lists.openstack.org/pipermail/openstack-announce/2013-December/000172.html
https://www.cve.org/CVERecord?id=CVE-2013-6428
NVD
Launchpad
Debian

Bugs

https://launchpad.net/bugs/1256983
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732033

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›