Vulnerability in OpenStack Essex
CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allow remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
EPSS: 0.005 (68.3rd percentile)
Affected products
- OpenStack Essex
- OpenStack Nova — versions 2011.3
Weakness classification (CWE)
References
- nova-security-bypass(72296) (vdb-entry, x_refsource_XF)
- 47543 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- USN-1326-1 (x_refsource_UBUNTU, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- [openstack] 20120111 [OSSA 2012-001] Tenant bypass by authenticated users using OpenStack API (CVE-2012-0030) (mailing-list, x_refsource_MLIST, Patch)
- 51370 (vdb-entry, x_refsource_BID)