Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2013-2030
HistoryDec 27, 2013 - 1:55 a.m.

CVE-2013-2030

2013-12-2701:55:05
CWE-264
[email protected]
web.nvd.nist.gov
21
openstack
nova
folsom
grizzly
havana
security
vulnerability
cve-2013-2030
nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.

Affected configurations

NVD
Node
openstackcomputeMatch2013.1
OR
openstackcomputeMatch2013.1.1
OR
openstackcomputeMatch2013.1.2
OR
openstackcomputeMatch2013.1.3
OR
openstackfolsomMatch-
OR
openstackgrizzlyMatch2013.1
OR
openstackhavanaMatchhavana-1
OR
openstackhavanaMatchhavana-2
OR
openstackhavanaMatchhavana-3

Related

ubuntucve 1
osv 1
nessus 2
prion 1
debiancve 1
cvelist 1
github 1
nvd 1
fedora 2
openvas 4
ubuntucve
ubuntucve
CVE-2013-2030
2013-05-09 00:00:00
osv
osv
OpenStack Nova uses insecure keystone middleware tmpdir by default
2022-05-17 04:44:52
nessus
nessus
openSUSE Security Update : openstack-nova (openSUSE-SU-2013:1087-1)
2014-06-13 00:00:00
Fedora 18 : openstack-keystone-2012.2.4-3.fc18 (2013-8048)
2013-05-22 00:00:00
prion
prion
Directory traversal
2013-12-27 01:55:00
debiancve
debiancve
CVE-2013-2030
2013-12-27 01:55:05
cvelist
cvelist
CVE-2013-2030
2013-12-27 01:00:00
github
github
OpenStack Nova uses insecure keystone middleware tmpdir by default
2022-05-17 04:44:52
nvd
nvd
CVE-2013-2030
2013-12-27 01:55:05
fedora
fedora
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-3.fc18
2013-05-22 01:29:47
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-5.fc18
2013-08-09 17:01:37
openvas
openvas
Fedora Update for openstack-keystone FEDORA-2013-8048
2013-05-23 00:00:00
Fedora Update for openstack-keystone FEDORA-2013-8048
2013-05-23 00:00:00
Fedora Update for openstack-keystone FEDORA-2013-10713
2013-08-12 00:00:00

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVE-2013-2030
ubuntucve1osv1nessus2prion1debiancve1cvelist1github1nvd1fedora2openvas4