Security Advisory

CVE-2013-6426

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2013-12-14 17:00:00

Last updated 2024-08-06 17:39:01

Assigner redhat

State PUBLISHED

Description

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

← Browse all CVEs View on cve.org ↗