CVE-2013-0266

CVE-2013-0266, security advisory, suse linux, suse, security, cve

CVE-2013-0266

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-0266 at MITRE

Description

manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.

---

SUSE information

Overall state of this security issue: Resolved

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

CVSS v2 Scores

	National Vulnerability Database
Base Score	2.1
Vector	AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector	Local
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	None

SUSE Bugzilla entry: 807855 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.

---

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 13:17:22 2013
CVE page last modified: Fri Oct 7 12:46:23 2022