CVE-2013-6426

Published: Dec 14, 2013Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

Affected (1)

Products: Openstack: Heat

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Heat	Up to 2013.2

Related CWEs

References (10)

http://rhn.redhat.com/errata/RHSA-2014-0090.html

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/12/11/9

Source: secalert@redhat.com

http://www.securityfocus.com/bid/64243

Source: secalert@redhat.com

https://bugs.launchpad.net/heat/+bug/1256049

Source: secalert@redhat.com

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/89658

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-0090.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/12/11/9

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/64243

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/heat/+bug/1256049

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/89658

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.