Launchpad CVE tracker

CVE 2013-6426

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

Related bugs and status

CVE-2013-6426 (Candidate) is related to these bugs:

Bug #1256049: [OSSA 2013-034] Heat CFN policy rules not all enforced (CVE-2013-6426)

		In	Importance	Status
1256049	[OSSA 2013-034] Heat CFN policy rules not all enforced (CVE-2013-6426)	OpenStack Heat	High	Fix Released
1256049	[OSSA 2013-034] Heat CFN policy rules not all enforced (CVE-2013-6426)	OpenStack Security Advisory	High	Fix Released
1256049	[OSSA 2013-034] Heat CFN policy rules not all enforced (CVE-2013-6426)	OpenStack Heat grizzly	High	Fix Released
1256049	[OSSA 2013-034] Heat CFN policy rules not all enforced (CVE-2013-6426)	OpenStack Heat havana	High	Fix Released

Bug #1262788: Meta bug for tracking Openstack 2013.2.1 Stable Update

		In	Importance	Status
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	nova (Ubuntu)	Undecided	Invalid
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	nova (Ubuntu Saucy)	Undecided	Fix Released
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	glance (Ubuntu)	Undecided	Invalid
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	glance (Ubuntu Saucy)	Undecided	Fix Released
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	ceilometer (Ubuntu)	Undecided	Invalid
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	ceilometer (Ubuntu Saucy)	Undecided	Fix Released
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	keystone (Ubuntu)	Undecided	Invalid
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	keystone (Ubuntu Saucy)	Undecided	Fix Released
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	heat (Ubuntu)	Undecided	Invalid
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	heat (Ubuntu Saucy)	Undecided	Fix Released
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	neutron (Ubuntu)	Undecided	Invalid
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	neutron (Ubuntu Saucy)	Undecided	Fix Released
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	horizon (Ubuntu)	Undecided	Invalid
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	horizon (Ubuntu Saucy)	Undecided	Fix Released
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	cinder (Ubuntu)	Undecided	Invalid
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	cinder (Ubuntu Saucy)	Undecided	Fix Released
1262788	Meta bug for tracking Openstack 2013.2.1 Stable Update	Ubuntu Cloud Archive	Undecided	Fix Released

Bug #1267557: [MIR] heat

Summary				In	Importance	Status
	1267557	[MIR] heat		heat (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-6426

References