Launchpad CVE tracker

CVE 2012-0030

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.

Related bugs and status

CVE-2012-0030 (Candidate) is related to these bugs:

Bug #904072: project_id could be overwritten to any value by URI value

Summary				In	Importance	Status
	904072	project_id could be overwritten to any value by URI value		OpenStack Compute (nova)	High	Fix Released
	904072	project_id could be overwritten to any value by URI value		OpenStack Compute (nova) diablo	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.ubuntu.com/...
MISC: https://lists.launchpa...
MISC: https://github.com/ope...
MISC: https://exchange.xforc...

Launchpad.net

CVE 2012-0030

Related bugs and status

Related bugs

References