CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-2030

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.9%

CVSS Severity

CVSS v2 Score 2.1

References

Products affected by CVE-2013-2030

Openstack » Compute » Version: 2013.1

cpe:2.3:a:openstack:compute:2013.1
Openstack » Compute » Version: 2013.1.1

cpe:2.3:a:openstack:compute:2013.1.1
Openstack » Compute » Version: 2013.1.2

cpe:2.3:a:openstack:compute:2013.1.2
Openstack » Compute » Version: 2013.1.3

cpe:2.3:a:openstack:compute:2013.1.3
Openstack » Folsom » Version: N/A

cpe:2.3:a:openstack:folsom:-
Openstack » Grizzly » Version: 2013.1

cpe:2.3:a:openstack:grizzly:2013.1
Openstack » Havana » Version: havana-1

cpe:2.3:a:openstack:havana:havana-1
Openstack » Havana » Version: havana-2

cpe:2.3:a:openstack:havana:havana-2
Openstack » Havana » Version: havana-3

cpe:2.3:a:openstack:havana:havana-3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-2030

Products

Pricing

Contact Us