CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-0266

manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.0%

CVSS Severity

CVSS v2 Score 2.1

References

http://rhn.redhat.com/errata/RHSA-2013-0595.html
https://bugzilla.redhat.com/show_bug.cgi?id=908581
https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc
http://rhn.redhat.com/errata/RHSA-2013-0595.html
https://bugzilla.redhat.com/show_bug.cgi?id=908581
https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc

Products affected by CVE-2013-0266

Openstack » Essex » Version: N/A

cpe:2.3:a:openstack:essex:-
Openstack » Folsom » Version: N/A

cpe:2.3:a:openstack:folsom:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-0266

Products

Pricing

Contact Us