CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-0266

A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `api-paste.ini` configuration files. A local user can exploit this by reading these files, which leads to the disclosure of OpenStack administrative passwords. This information disclosure could allow unauthorized access to sensitive OpenStack resources.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.7%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 2.1

References

http://rhn.redhat.com/errata/RHSA-2013-0595.html
https://access.redhat.com/security/cve/CVE-2013-0266
https://bugzilla.redhat.com/show_bug.cgi?id=908581
https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc
http://rhn.redhat.com/errata/RHSA-2013-0595.html
https://bugzilla.redhat.com/show_bug.cgi?id=908581
https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc

Products affected by CVE-2013-0266

Openstack » Essex » Version: N/A

cpe:2.3:a:openstack:essex:-
Openstack » Folsom » Version: N/A

cpe:2.3:a:openstack:folsom:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-0266

Products

Pricing

Contact Us