CVE-2013-2030

Severity

21%

Complexity

39%

Confidentiality

48%

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N).

Overview

Type

OpenStack

First reported 11 years ago

2013-12-27 01:55:00

Last updated 10 years ago

2014-05-05 05:21:00

Affected Software

OpenStack Compute 2013.1

2013.1

OpenStack Compute 2013.1.1

2013.1.1

OpenStack Compute 2013.1.2

2013.1.2

OpenStack Compute 2013.1.3

2013.1.3

OpenStack Folsom

OpenStack Grizzly 2013.1

2013.1

OpenStack Havana Havana-1

havana-1

OpenStack Havana Havana-2

havana-2

OpenStack Havana Havana-3

havana-3

References

FEDORA-2013-8048

[openstack-announce] 20130509 [OSSA 2013-010] Nova uses insecure keystone middleware tmpdir by default (CVE-2013-2030)

Patch, Vendor Advisory

[oss-security] 20130509 [OSSA 2013-010] Nova uses insecure keystone middleware tmpdir by default (CVE-2013-2030)

https://bugs.launchpad.net/nova/+bug/1174608

https://bugzilla.redhat.com/show_bug.cgi?id=958285

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.