CVE-2012-0030

CWE-2647 documents7 sources

Severity

4.9MEDIUM

EPSS

0.5%

top 32.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Nova

Timeline

PublishedJan 13

Latest updateMay 4

Description

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 6.8 | Impact: 4.9

Affected Packages2 packages

▶NVDopenstack/nova2011.3

▶Debiannova< 2012.1~rc1-1+3

Patches

Patch: lists.launchpad.net ↗Patch: lists.launchpad.net ↗

🔴Vulnerability Details

GHSA

GHSA-3c45-vg2q-j67q: Nova 2011↗2022-05-04

▶

CVEList

CVE-2012-0030: Nova 2011↗2012-01-13

▶

OSV

CVE-2012-0030: Nova 2011↗2012-01-13

▶

📋Vendor Advisories

Ubuntu

Nova vulnerability↗2012-01-11

▶

Debian

CVE-2012-0030: nova - Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated...↗2012

▶

💬Community

Bugzilla

CVE-2012-0030 openstack-nova: Tenant bypass by authenticated users using OpenStack API↗2012-01-06

▶