Vulnerabilities > CVE-2013-1815 - Credentials Management vulnerability in Redhat Openstack Essex, Openstack Folsom and Packstack

047910
CVSS 4.4 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
redhat
CWE-255
NVD
Published: 2013-04-10
Updated: 2017-08-29

Summary

PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file.

Vulnerable Configurations

Part Description Count
Application
Redhat
3

Common Weakness Enumeration (CWE)

Redhat

advisories
rhsa
idRHSA-2013:0671
rpmsopenstack-packstack-0:2012.2.3-0.1.dev454.el6ost

References