CVE-2014-0167

Опубликовано: 09 апр. 2014

Источник: redhat

CVSS2: 6

EPSS Низкий

Описание

The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.

It was found that RBAC policies were not enforced in certain methods of the OpenStack Compute EC2 (Amazon Elastic Compute Cloud) API. A remote attacker could use this flaw to escalate their privileges beyond the user group they were originally restricted to. Note that only certain setups using non-default RBAC rules for OpenStack Compute were affected.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	openstack-nova	Affected
Red Hat OpenStack Platform 3	openstack-nova	Affected
OpenStack 4 for RHEL 6	openstack-nova	Fixed	RHSA-2014:1084	21.08.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-862

https://bugzilla.redhat.com/show_bug.cgi?id=1084868openstack-nova: RBAC policy not properly enforced in Nova EC2 API

EPSS

Процентиль: 59%

0.00383

Низкий

6 Medium

CVSS2

Связанные уязвимости

CVE-2014-0167

ubuntu

почти 12 лет назад

CVE-2014-0167

nvd

почти 12 лет назад

CVE-2014-0167

debian

почти 12 лет назад

The Nova EC2 API security group implementation in OpenStack Compute (N ...

GHSA-p258-xmh3-72pv

github

больше 3 лет назад

OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests

EPSS

Процентиль: 59%

0.00383

Низкий

6 Medium

CVSS2