CVE-2012-0030

Published: Jan 13, 2012Modified: Apr 29, 2026

4.9

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:P

Exploitability: 6.8 / Impact: 4.9

Source: NVD

Description

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.

Affected (2)

Products: Openstack: Essex, Nova

Openstack

2 products

Essex

Nova

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Essex	All versions
Openstack Nova	Version 2011.3

Related CWEs

CWE-264

References (12)

http://secunia.com/advisories/47543

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/51370

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1326-1

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/72296

Source: secalert@redhat.com

https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0

Source: secalert@redhat.com

https://lists.launchpad.net/openstack/msg06648.html

Source: secalert@redhat.com

Patch

http://secunia.com/advisories/47543