Vulnerability in Openstack Compute
CVE-2013-2030
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reuse…
EPSS: 0.000 (10.9th percentile) — read the EPSS interpretation.
Affected products
- Openstack Compute — versions 2013.1, 2013.1.1, 2013.1.2
- Openstack Folsom
- Openstack Grizzly — versions 2013.1
- Openstack Havana — versions havana-1, havana-2, havana-3
- N/a — versions n/a
Weakness classification (CWE)
References
- [oss-security] 20130509 [OSSA 2013-010] Nova uses insecure keystone middleware tmpdir by default (CVE-2013-2030) (mailing-list, x_refsource_MLIST)
- FEDORA-2013-8048 (x_refsource_FEDORA, vendor-advisory)
- [openstack-announce] 20130509 [OSSA 2013-010] Nova uses insecure keystone middleware tmpdir by default (CVE-2013-2030) (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM)