Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for Red Hat OpenStack Platform 4 by Red Hat
CVE-2013-1815 (GCVE-0-2013-1815)
Vulnerability from nvd – Published: 2013-04-10 15:00 – Updated: 2026-04-30 16:33
VLAI
Title
Packstack: red hat openstack: packstack: unauthorized system modification via insecure answer file creation
Summary
A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications.
Severity
6.1 (Medium)
CWE
- CWE-379 - Creation of Temporary File in Directory with Insecure Permissions
Assigner
References
4 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) |
cpe:/a:redhat:openstack:5::el6 |
|
| Red Hat | Red Hat OpenStack Platform 4 |
cpe:/a:redhat:openstack:4 |
Date Public
2013-04-10 15:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "packstack-answerfile-information-disclosure(83017)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83017"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917904"
},
{
"name": "RHSA-2013:0671",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0671.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:5::el6"
],
"defaultStatus": "affected",
"packageName": "openstack-packstack",
"product": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:4"
],
"defaultStatus": "affected",
"packageName": "openstack-packstack",
"product": "Red Hat OpenStack Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2013-04-10T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T16:33:23.209Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0671.html"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2013-1815"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917904"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83017"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-02T15:04:08.208Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2013-04-10T15:00:00.000Z",
"value": "Made public."
}
],
"title": "Packstack: red hat openstack: packstack: unauthorized system modification via insecure answer file creation",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1815",
"datePublished": "2013-04-10T15:00:00.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2026-04-30T16:33:23.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2013-0266 (GCVE-0-2013-0266)
Vulnerability from nvd – Published: 2013-03-08 21:00 – Updated: 2026-04-30 16:33
VLAI
Title
Puppetlabs-cinder: packstack: openstack: puppetlabs-cinder: information disclosure of openstack administrative passwords due to world-readable configuration files.
Summary
A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `api-paste.ini` configuration files. A local user can exploit this by reading these files, which leads to the disclosure of OpenStack administrative passwords. This information disclosure could allow unauthorized access to sensitive OpenStack resources.
Severity
5.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
4 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) |
cpe:/a:redhat:openstack:5::el6 |
|
| Red Hat | Red Hat OpenStack Platform 4 |
cpe:/a:redhat:openstack:4 |
Date Public
2013-03-08 21:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
},
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:5::el6"
],
"defaultStatus": "affected",
"packageName": "openstack-packstack",
"product": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:4"
],
"defaultStatus": "affected",
"packageName": "openstack-packstack",
"product": "Red Hat OpenStack Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2013-03-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `api-paste.ini` configuration files. A local user can exploit this by reading these files, which leads to the disclosure of OpenStack administrative passwords. This information disclosure could allow unauthorized access to sensitive OpenStack resources."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T16:33:21.662Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2013-0266"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-02T15:03:23.624Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2013-03-08T21:00:00.000Z",
"value": "Made public."
}
],
"title": "Puppetlabs-cinder: packstack: openstack: puppetlabs-cinder: information disclosure of openstack administrative passwords due to world-readable configuration files.",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0266",
"datePublished": "2013-03-08T21:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2026-04-30T16:33:21.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2013-0261 (GCVE-0-2013-0261)
Vulnerability from nvd – Published: 2013-03-08 21:00 – Updated: 2026-04-30 16:33
VLAI
Title
Packstack: packstack: arbitrary file overwrite via symlink attack
Summary
A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption.
Severity
8.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0595.html | |
| https://access.redhat.com/security/cve/CVE-2013-0261 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=908101 |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) |
cpe:/a:redhat:openstack:5::el6 |
|
| Red Hat | Red Hat OpenStack Platform 4 |
cpe:/a:redhat:openstack:4 |
Date Public
2013-03-08 21:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:5::el6"
],
"defaultStatus": "affected",
"packageName": "openstack-packstack",
"product": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:4"
],
"defaultStatus": "affected",
"packageName": "openstack-packstack",
"product": "Red Hat OpenStack Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2013-03-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T16:33:18.902Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2013-0261"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-02T15:03:16.923Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2013-03-08T21:00:00.000Z",
"value": "Made public."
}
],
"title": "Packstack: packstack: arbitrary file overwrite via symlink attack",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0261",
"datePublished": "2013-03-08T21:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2026-04-30T16:33:18.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2013-1815 (GCVE-0-2013-1815)
Vulnerability from cvelistv5 – Published: 2013-04-10 15:00 – Updated: 2026-04-30 16:33
VLAI
Title
Packstack: red hat openstack: packstack: unauthorized system modification via insecure answer file creation
Summary
A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications.
Severity
6.1 (Medium)
CWE
- CWE-379 - Creation of Temporary File in Directory with Insecure Permissions
Assigner
References
4 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) |
cpe:/a:redhat:openstack:5::el6 |
|
| Red Hat | Red Hat OpenStack Platform 4 |
cpe:/a:redhat:openstack:4 |
Date Public
2013-04-10 15:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "packstack-answerfile-information-disclosure(83017)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83017"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917904"
},
{
"name": "RHSA-2013:0671",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0671.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:5::el6"
],
"defaultStatus": "affected",
"packageName": "openstack-packstack",
"product": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:4"
],
"defaultStatus": "affected",
"packageName": "openstack-packstack",
"product": "Red Hat OpenStack Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2013-04-10T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T16:33:23.209Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0671.html"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2013-1815"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917904"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83017"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-02T15:04:08.208Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2013-04-10T15:00:00.000Z",
"value": "Made public."
}
],
"title": "Packstack: red hat openstack: packstack: unauthorized system modification via insecure answer file creation",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1815",
"datePublished": "2013-04-10T15:00:00.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2026-04-30T16:33:23.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2013-0266 (GCVE-0-2013-0266)
Vulnerability from cvelistv5 – Published: 2013-03-08 21:00 – Updated: 2026-04-30 16:33
VLAI
Title
Puppetlabs-cinder: packstack: openstack: puppetlabs-cinder: information disclosure of openstack administrative passwords due to world-readable configuration files.
Summary
A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `api-paste.ini` configuration files. A local user can exploit this by reading these files, which leads to the disclosure of OpenStack administrative passwords. This information disclosure could allow unauthorized access to sensitive OpenStack resources.
Severity
5.5 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
4 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) |
cpe:/a:redhat:openstack:5::el6 |
|
| Red Hat | Red Hat OpenStack Platform 4 |
cpe:/a:redhat:openstack:4 |
Date Public
2013-03-08 21:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
},
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:5::el6"
],
"defaultStatus": "affected",
"packageName": "openstack-packstack",
"product": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:4"
],
"defaultStatus": "affected",
"packageName": "openstack-packstack",
"product": "Red Hat OpenStack Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2013-03-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `api-paste.ini` configuration files. A local user can exploit this by reading these files, which leads to the disclosure of OpenStack administrative passwords. This information disclosure could allow unauthorized access to sensitive OpenStack resources."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T16:33:21.662Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2013-0266"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-02T15:03:23.624Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2013-03-08T21:00:00.000Z",
"value": "Made public."
}
],
"title": "Puppetlabs-cinder: packstack: openstack: puppetlabs-cinder: information disclosure of openstack administrative passwords due to world-readable configuration files.",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0266",
"datePublished": "2013-03-08T21:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2026-04-30T16:33:21.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2013-0261 (GCVE-0-2013-0261)
Vulnerability from cvelistv5 – Published: 2013-03-08 21:00 – Updated: 2026-04-30 16:33
VLAI
Title
Packstack: packstack: arbitrary file overwrite via symlink attack
Summary
A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption.
Severity
8.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0595.html | |
| https://access.redhat.com/security/cve/CVE-2013-0261 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=908101 |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) |
cpe:/a:redhat:openstack:5::el6 |
|
| Red Hat | Red Hat OpenStack Platform 4 |
cpe:/a:redhat:openstack:4 |
Date Public
2013-03-08 21:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:5::el6"
],
"defaultStatus": "affected",
"packageName": "openstack-packstack",
"product": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:4"
],
"defaultStatus": "affected",
"packageName": "openstack-packstack",
"product": "Red Hat OpenStack Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2013-03-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T16:33:18.902Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2013-0261"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-02T15:03:16.923Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2013-03-08T21:00:00.000Z",
"value": "Made public."
}
],
"title": "Packstack: packstack: arbitrary file overwrite via symlink attack",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0261",
"datePublished": "2013-03-08T21:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2026-04-30T16:33:18.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}