Описание
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 2.0 | openstack-packstack | Affected | ||
| Red Hat OpenStack Platform 2.1 | openstack-packstack | Affected | ||
| OpenStack Folsom for RHEL 6 | openstack-packstack | Fixed | RHSA-2013:0595 | 05.03.2013 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.1 Low
CVSS2
Связанные уязвимости
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
EPSS
2.1 Low
CVSS2