CVE-2013-0266

Openstack Essex - Race Condition

Title source: rule

Description

manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.

References (3)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0595.html

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=908581

[Patch] https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc

View Patch ZIP pw:eip

Scores

EPSS 0.0008

EPSS Percentile 24.1%

Classification

CWE

CWE-362

Status draft

Affected Products (2)

openstack/essex

openstack/folsom

Timeline

Published Mar 08, 2013

Tracked Since Feb 18, 2026