CVE-2012-0030
OpenStack Essex and Nova 2011.3 - Authenticated Access Restriction Bypass via Modified project_id URI Parameter
Title source: llmDescription
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72296
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47543
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1326-1
Patch x_refsource_confirm
https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0
Patch mailing-list
x_refsource_mlist
https://lists.launchpad.net/openstack/msg06648.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51370
Scores
EPSS
0.0055
EPSS Percentile
68.2%
Details
CWE
CWE-264
Status
published
Products (2)
openstack/essex
openstack/nova
2011.3
Published
Jan 13, 2012
Tracked Since
Feb 18, 2026