The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-12-14T17:00:00

Updated: 2024-08-06T17:39:01.344Z

Reserved: 2013-11-04T00:00:00

Link: CVE-2013-6426

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-12-14T17:21:47.147

Modified: 2024-11-21T01:59:12.160

Link: CVE-2013-6426

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-12-11T00:00:00Z

Links: CVE-2013-6426 - Bugzilla