Showing 1 - 1 of 1

CVE-2012-0030

Status Candidate

Overview

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.

Related Files

Ubuntu Security Notice USN-1326-1: Posted Jan 11, 2012; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1326-1 - Nachi Ueno, Rohit Karajgi, and Venkatesan Ravikumar discovered that when Nova is configured to use the OpenStack API, it would not correctly enforce access controls on certain incoming requests. A remote authenticated attacker could exploit this to change resources of arbitrary tenants.; tags | advisory, remote, arbitrary; systems | linux, ubuntu; advisories | CVE-2012-0030; SHA-256 | a768674e4752957572324743e01989fa9359ffbb82d310887b7656cbadb1d11a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 183 files
Ubuntu 59 files
Debian 20 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Google Security Research 6 files
E1.Coders 4 files
Ersin Erenler 4 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,007)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,166)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,459)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,428)
UNIX (9,390)
UnixWare (187)
Windows (6,647)
Other

CVE-2012-0030

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems