← Back

CVE-2013-2030

nvd nist
Published: Dec 27, 2013Modified: Apr 29, 2026

JSON object

Loading...
2.1
Vector
AV:L/AC:L/Au:N/C:N/I:P/A:N
Exploitability: 3.9 / Impact: 2.9
Source: NVD

Description

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.

Affected (9)

Openstack
4 products
Compute
Folsom
Grizzly
Havana
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Openstack
Compute
Version 2013.1.1
Compute
Version 2013.1.2
Compute
Version 2013.1.3
Compute
Version 2013.1
Folsom
All versions
Grizzly
Version 2013.1
Openstack
Havana
Version havana-1
Havana
Version havana-2
Havana
Version havana-3

Related CWEs

CWE-264
CWE-264

References (10)

Source: secalert@redhat.com
Source: secalert@redhat.com
PatchVendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.