CVE-2012-0030
Published: 11 January 2012
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
Notes
Author | Note |
---|---|
jdstrand | discussion in '[vs-plain] OpenStack Nova vulnerability (Tenant bypass by authenticated users using OpenStack API)'; requires authenticated user per upstream (ttx); Ubuntu 10.10 and 11.04 are not affected |
Priority
Status
Package | Release | Status |
---|---|---|
nova | upstream | Needs triage |
nova | hardy | Does not exist |
nova | lucid | Does not exist |
nova | maverick | Not vulnerable |
nova | natty | Not vulnerable |
nova | oneiric | Released (2011.3-0ubuntu6.4) |

Patches: other: https://bugs.launchpad.net/nova/+bug/904072