Описание
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | ignored | |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | not-affected | |
| precise | not-affected | |
| quantal | ignored | |
| raring | ignored | |
| upstream | needed |
Показывать по
Ссылки на источники
EPSS
2.1 Low
CVSS2
Связанные уязвимости
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, a ...
OpenStack Nova uses insecure keystone middleware tmpdir by default
EPSS
2.1 Low
CVSS2