1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
Candidate: CVE-2013-6428
CRD: 2013-12-11 15:00:00 UTC
PublicDate: 2013-12-14
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6428
http://lists.openstack.org/pipermail/openstack-announce/2013-December/000172.html
Description:
The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1
and Icehouse before icehouse-2 allows remote authenticated users to bypass
the tenant scoping restrictions via a modified tenant_id in the request
path.
Ubuntu-Description:
Notes:
mdeslaur> OSSA 2013-035
Bugs:
https://launchpad.net/bugs/1256983
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732033
Priority: medium
Discovered-by: Steven Hardy
Assigned-to:
Patches_heat:
upstream_heat: released (2014.1.rc1)
lucid_heat: DNE
precise_heat: DNE
quantal_heat: DNE
raring_heat: DNE
saucy_heat: ignored (reached end-of-life)
trusty_heat: not-affected (2014.1~rc1-0ubuntu1)
devel_heat: not-affected (2014.1~rc1-0ubuntu1)
|