cvelistv5 - cve-2013-6470

cve-2013-6470

Vulnerability from cvelistv5

Published

2014-06-02 15:00

Modified

2024-08-06 17:39

Severity ?

Summary

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.

References

URL	Tags
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-0517.html	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1051994
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-0517.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1051994

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2014:0517",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0517.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-02T14:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2014:0517",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0517.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6470",
    "datePublished": "2014-06-02T15:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1802FDB8-C919-4D5E-A8AD-4C5B72525090\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.\"}, {\"lang\": \"es\", \"value\": \"La configuraci\\u00f3n por defecto en el manifest de Standalone Controller Quickstack en openstack-foreman-installer, utilizado en Red Hat Enterprise Linux OpenStack Platform 4.0, deshabilita autenticaci\\u00f3n para Qpid, lo que permite a atacantes remotos ganar acceso mediante la conexi\\u00f3n a Qpid.\"}]",
      "id": "CVE-2013-6470",
      "lastModified": "2024-11-21T01:59:17.603",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-06-02T15:55:10.980",
      "references": "[{\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0517.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1051994\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0517.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1051994\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-6470\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-06-02T15:55:10.980\",\"lastModified\":\"2024-11-21T01:59:17.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.\"},{\"lang\":\"es\",\"value\":\"La configuraci\u00f3n por defecto en el manifest de Standalone Controller Quickstack en openstack-foreman-installer, utilizado en Red Hat Enterprise Linux OpenStack Platform 4.0, deshabilita autenticaci\u00f3n para Qpid, lo que permite a atacantes remotos ganar acceso mediante la conexi\u00f3n a Qpid.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1802FDB8-C919-4D5E-A8AD-4C5B72525090\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0517.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1051994\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0517.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1051994\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2014:0517

Vulnerability from csaf_redhat

Published

2014-05-29 20:26

Modified

2024-11-22 07:56

Summary

Red Hat Security Advisory: openstack-foreman-installer security, bug fix, and enhancement update

Notes

Topic

An updated openstack-foreman-installer package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The openstack-foreman-installer package provides facilities for rapidly deploying Red Hat Enterprise Linux OpenStack Platform 4. It was discovered that the Qpid configuration created by openstack-foreman-installer did not have authentication enabled when run with default settings in standalone mode. An attacker able to establish a TCP connection to Qpid could access any OpenStack back end using Qpid (for example, nova) without any authentication. (CVE-2013-6470) This update also fixes several bugs and adds enhancements. Documentation for these changes is available in the Technical Notes document linked to in the References section. All openstack-foreman-installer users are advised to upgrade to this updated package, which corrects these issues and adds these enhancements.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated openstack-foreman-installer package that fixes one security\nissue, several bugs, and adds various enhancements is now available for Red\nHat Enterprise Linux OpenStack Platform 4.0.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The openstack-foreman-installer package provides facilities for rapidly\ndeploying Red Hat Enterprise Linux OpenStack Platform 4.\n\nIt was discovered that the Qpid configuration created by\nopenstack-foreman-installer did not have authentication enabled when run\nwith default settings in standalone mode. An attacker able to establish a\nTCP connection to Qpid could access any OpenStack back end using Qpid (for\nexample, nova) without any authentication. (CVE-2013-6470)\n\nThis update also fixes several bugs and adds enhancements. Documentation\nfor these changes is available in the Technical Notes document linked to\nin the References section.\n\nAll openstack-foreman-installer users are advised to upgrade to this\nupdated package, which corrects these issues and adds these enhancements.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0517",
        "url": "https://access.redhat.com/errata/RHSA-2014:0517"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Technical_Notes/index.html",
        "url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Technical_Notes/index.html"
      },
      {
        "category": "external",
        "summary": "1033247",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033247"
      },
      {
        "category": "external",
        "summary": "1049122",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049122"
      },
      {
        "category": "external",
        "summary": "1051994",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994"
      },
      {
        "category": "external",
        "summary": "1053623",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053623"
      },
      {
        "category": "external",
        "summary": "1062699",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062699"
      },
      {
        "category": "external",
        "summary": "1064050",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064050"
      },
      {
        "category": "external",
        "summary": "1064056",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064056"
      },
      {
        "category": "external",
        "summary": "1068885",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1068885"
      },
      {
        "category": "external",
        "summary": "1073087",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073087"
      },
      {
        "category": "external",
        "summary": "1073550",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073550"
      },
      {
        "category": "external",
        "summary": "1077818",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077818"
      },
      {
        "category": "external",
        "summary": "1078279",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078279"
      },
      {
        "category": "external",
        "summary": "1080638",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1080638"
      },
      {
        "category": "external",
        "summary": "1084534",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084534"
      },
      {
        "category": "external",
        "summary": "1085547",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085547"
      },
      {
        "category": "external",
        "summary": "1087713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087713"
      },
      {
        "category": "external",
        "summary": "1088608",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088608"
      },
      {
        "category": "external",
        "summary": "1088611",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088611"
      },
      {
        "category": "external",
        "summary": "1095853",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095853"
      },
      {
        "category": "external",
        "summary": "1099661",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1099661"
      },
      {
        "category": "external",
        "summary": "1100411",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1100411"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0517.json"
      }
    ],
    "title": "Red Hat Security Advisory: openstack-foreman-installer security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T07:56:04+00:00",
      "generator": {
        "date": "2024-11-22T07:56:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2014:0517",
      "initial_release_date": "2014-05-29T20:26:29+00:00",
      "revision_history": [
        {
          "date": "2014-05-29T20:26:29+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2014-05-29T20:26:29+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T07:56:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux OpenStack Platform 4.0",
                "product": {
                  "name": "Red Hat Enterprise Linux OpenStack Platform 4.0",
                  "product_id": "6Server-RHOS-4.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:4::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.src",
                "product": {
                  "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.src",
                  "product_id": "openstack-foreman-installer-0:1.0.12-1.el6ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-foreman-installer@1.0.12-1.el6ost?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
                "product": {
                  "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
                  "product_id": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-foreman-installer@1.0.12-1.el6ost?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
          "product_id": "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.noarch"
        },
        "product_reference": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
        "relates_to_product_reference": "6Server-RHOS-4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
          "product_id": "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.src"
        },
        "product_reference": "openstack-foreman-installer-0:1.0.12-1.el6ost.src",
        "relates_to_product_reference": "6Server-RHOS-4.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-6470",
      "discovery_date": "2013-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1051994"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "foreman-installer: insecure defaults",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
          "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6470"
        },
        {
          "category": "external",
          "summary": "RHBZ#1051994",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6470",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6470"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6470",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6470"
        }
      ],
      "release_date": "2014-05-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-29T20:26:29+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
            "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0517"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
            "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "foreman-installer: insecure defaults"
    }
  ]
}

rhsa-2014_0517

Vulnerability from csaf_redhat

Published

2014-05-29 20:26

Modified

2024-11-22 07:56

Summary

Red Hat Security Advisory: openstack-foreman-installer security, bug fix, and enhancement update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated openstack-foreman-installer package that fixes one security\nissue, several bugs, and adds various enhancements is now available for Red\nHat Enterprise Linux OpenStack Platform 4.0.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The openstack-foreman-installer package provides facilities for rapidly\ndeploying Red Hat Enterprise Linux OpenStack Platform 4.\n\nIt was discovered that the Qpid configuration created by\nopenstack-foreman-installer did not have authentication enabled when run\nwith default settings in standalone mode. An attacker able to establish a\nTCP connection to Qpid could access any OpenStack back end using Qpid (for\nexample, nova) without any authentication. (CVE-2013-6470)\n\nThis update also fixes several bugs and adds enhancements. Documentation\nfor these changes is available in the Technical Notes document linked to\nin the References section.\n\nAll openstack-foreman-installer users are advised to upgrade to this\nupdated package, which corrects these issues and adds these enhancements.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0517",
        "url": "https://access.redhat.com/errata/RHSA-2014:0517"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Technical_Notes/index.html",
        "url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Technical_Notes/index.html"
      },
      {
        "category": "external",
        "summary": "1033247",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033247"
      },
      {
        "category": "external",
        "summary": "1049122",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049122"
      },
      {
        "category": "external",
        "summary": "1051994",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994"
      },
      {
        "category": "external",
        "summary": "1053623",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053623"
      },
      {
        "category": "external",
        "summary": "1062699",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062699"
      },
      {
        "category": "external",
        "summary": "1064050",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064050"
      },
      {
        "category": "external",
        "summary": "1064056",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064056"
      },
      {
        "category": "external",
        "summary": "1068885",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1068885"
      },
      {
        "category": "external",
        "summary": "1073087",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073087"
      },
      {
        "category": "external",
        "summary": "1073550",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073550"
      },
      {
        "category": "external",
        "summary": "1077818",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077818"
      },
      {
        "category": "external",
        "summary": "1078279",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078279"
      },
      {
        "category": "external",
        "summary": "1080638",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1080638"
      },
      {
        "category": "external",
        "summary": "1084534",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084534"
      },
      {
        "category": "external",
        "summary": "1085547",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085547"
      },
      {
        "category": "external",
        "summary": "1087713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087713"
      },
      {
        "category": "external",
        "summary": "1088608",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088608"
      },
      {
        "category": "external",
        "summary": "1088611",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088611"
      },
      {
        "category": "external",
        "summary": "1095853",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095853"
      },
      {
        "category": "external",
        "summary": "1099661",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1099661"
      },
      {
        "category": "external",
        "summary": "1100411",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1100411"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0517.json"
      }
    ],
    "title": "Red Hat Security Advisory: openstack-foreman-installer security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T07:56:04+00:00",
      "generator": {
        "date": "2024-11-22T07:56:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2014:0517",
      "initial_release_date": "2014-05-29T20:26:29+00:00",
      "revision_history": [
        {
          "date": "2014-05-29T20:26:29+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2014-05-29T20:26:29+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T07:56:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux OpenStack Platform 4.0",
                "product": {
                  "name": "Red Hat Enterprise Linux OpenStack Platform 4.0",
                  "product_id": "6Server-RHOS-4.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:4::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.src",
                "product": {
                  "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.src",
                  "product_id": "openstack-foreman-installer-0:1.0.12-1.el6ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-foreman-installer@1.0.12-1.el6ost?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
                "product": {
                  "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
                  "product_id": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-foreman-installer@1.0.12-1.el6ost?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
          "product_id": "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.noarch"
        },
        "product_reference": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
        "relates_to_product_reference": "6Server-RHOS-4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
          "product_id": "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.src"
        },
        "product_reference": "openstack-foreman-installer-0:1.0.12-1.el6ost.src",
        "relates_to_product_reference": "6Server-RHOS-4.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-6470",
      "discovery_date": "2013-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1051994"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "foreman-installer: insecure defaults",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
          "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6470"
        },
        {
          "category": "external",
          "summary": "RHBZ#1051994",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6470",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6470"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6470",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6470"
        }
      ],
      "release_date": "2014-05-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-29T20:26:29+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
            "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0517"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
            "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "foreman-installer: insecure defaults"
    }
  ]
}

rhsa-2014:0517

Vulnerability from csaf_redhat

Published

2014-05-29 20:26

Modified

2024-11-22 07:56

Summary

Red Hat Security Advisory: openstack-foreman-installer security, bug fix, and enhancement update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated openstack-foreman-installer package that fixes one security\nissue, several bugs, and adds various enhancements is now available for Red\nHat Enterprise Linux OpenStack Platform 4.0.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The openstack-foreman-installer package provides facilities for rapidly\ndeploying Red Hat Enterprise Linux OpenStack Platform 4.\n\nIt was discovered that the Qpid configuration created by\nopenstack-foreman-installer did not have authentication enabled when run\nwith default settings in standalone mode. An attacker able to establish a\nTCP connection to Qpid could access any OpenStack back end using Qpid (for\nexample, nova) without any authentication. (CVE-2013-6470)\n\nThis update also fixes several bugs and adds enhancements. Documentation\nfor these changes is available in the Technical Notes document linked to\nin the References section.\n\nAll openstack-foreman-installer users are advised to upgrade to this\nupdated package, which corrects these issues and adds these enhancements.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0517",
        "url": "https://access.redhat.com/errata/RHSA-2014:0517"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Technical_Notes/index.html",
        "url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/4/html/Technical_Notes/index.html"
      },
      {
        "category": "external",
        "summary": "1033247",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033247"
      },
      {
        "category": "external",
        "summary": "1049122",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049122"
      },
      {
        "category": "external",
        "summary": "1051994",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994"
      },
      {
        "category": "external",
        "summary": "1053623",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053623"
      },
      {
        "category": "external",
        "summary": "1062699",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062699"
      },
      {
        "category": "external",
        "summary": "1064050",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064050"
      },
      {
        "category": "external",
        "summary": "1064056",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1064056"
      },
      {
        "category": "external",
        "summary": "1068885",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1068885"
      },
      {
        "category": "external",
        "summary": "1073087",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073087"
      },
      {
        "category": "external",
        "summary": "1073550",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073550"
      },
      {
        "category": "external",
        "summary": "1077818",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077818"
      },
      {
        "category": "external",
        "summary": "1078279",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078279"
      },
      {
        "category": "external",
        "summary": "1080638",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1080638"
      },
      {
        "category": "external",
        "summary": "1084534",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084534"
      },
      {
        "category": "external",
        "summary": "1085547",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1085547"
      },
      {
        "category": "external",
        "summary": "1087713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1087713"
      },
      {
        "category": "external",
        "summary": "1088608",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088608"
      },
      {
        "category": "external",
        "summary": "1088611",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088611"
      },
      {
        "category": "external",
        "summary": "1095853",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095853"
      },
      {
        "category": "external",
        "summary": "1099661",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1099661"
      },
      {
        "category": "external",
        "summary": "1100411",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1100411"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0517.json"
      }
    ],
    "title": "Red Hat Security Advisory: openstack-foreman-installer security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-22T07:56:04+00:00",
      "generator": {
        "date": "2024-11-22T07:56:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2014:0517",
      "initial_release_date": "2014-05-29T20:26:29+00:00",
      "revision_history": [
        {
          "date": "2014-05-29T20:26:29+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2014-05-29T20:26:29+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T07:56:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux OpenStack Platform 4.0",
                "product": {
                  "name": "Red Hat Enterprise Linux OpenStack Platform 4.0",
                  "product_id": "6Server-RHOS-4.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:4::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.src",
                "product": {
                  "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.src",
                  "product_id": "openstack-foreman-installer-0:1.0.12-1.el6ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-foreman-installer@1.0.12-1.el6ost?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
                "product": {
                  "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
                  "product_id": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-foreman-installer@1.0.12-1.el6ost?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
          "product_id": "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.noarch"
        },
        "product_reference": "openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
        "relates_to_product_reference": "6Server-RHOS-4.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-foreman-installer-0:1.0.12-1.el6ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 4.0",
          "product_id": "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.src"
        },
        "product_reference": "openstack-foreman-installer-0:1.0.12-1.el6ost.src",
        "relates_to_product_reference": "6Server-RHOS-4.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-6470",
      "discovery_date": "2013-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1051994"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "foreman-installer: insecure defaults",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
          "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-6470"
        },
        {
          "category": "external",
          "summary": "RHBZ#1051994",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6470",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-6470"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6470",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6470"
        }
      ],
      "release_date": "2014-05-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-05-29T20:26:29+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
            "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0517"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.noarch",
            "6Server-RHOS-4.0:openstack-foreman-installer-0:1.0.12-1.el6ost.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "foreman-installer: insecure defaults"
    }
  ]
}

cve-2013-6470

Vulnerability from fkie_nvd

Published

2014-06-02 15:55

Modified

2024-11-21 01:59

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-0517.html	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1051994
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-0517.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1051994

Impacted products

	Vendor	Product	Version
	redhat	openstack	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1802FDB8-C919-4D5E-A8AD-4C5B72525090",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n por defecto en el manifest de Standalone Controller Quickstack en openstack-foreman-installer, utilizado en Red Hat Enterprise Linux OpenStack Platform 4.0, deshabilita autenticaci\u00f3n para Qpid, lo que permite a atacantes remotos ganar acceso mediante la conexi\u00f3n a Qpid."
    }
  ],
  "id": "CVE-2013-6470",
  "lastModified": "2024-11-21T01:59:17.603",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-06-02T15:55:10.980",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0517.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0517.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2013-6470

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-6470

Aliases

CVE-2013-6470

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-6470",
    "description": "The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.",
    "id": "GSD-2013-6470",
    "references": [
      "https://access.redhat.com/errata/RHSA-2014:0517"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-6470"
      ],
      "details": "The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.",
      "id": "GSD-2013-6470",
      "modified": "2023-12-13T01:22:19.706954Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-6470",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2014-0517.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0517.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6470"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2014:0517",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0517.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-06-03T15:00Z",
      "publishedDate": "2014-06-02T15:55Z"
    }
  }
}

ghsa-6m3c-qm8q-jf8f

Vulnerability from github

Published

2022-05-17 04:43

Modified

2022-05-17 04:43

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-6470"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-06-02T15:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.",
  "id": "GHSA-6m3c-qm8q-jf8f",
  "modified": "2022-05-17T04:43:02Z",
  "published": "2022-05-17T04:43:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6470"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051994"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0517.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2013-6470

Vulnerability from cvelistv5

RHSA-2014:0517

Vulnerability from csaf_redhat

rhsa-2014_0517

Vulnerability from csaf_redhat

rhsa-2014:0517

Vulnerability from csaf_redhat

cve-2013-6470

Vulnerability from fkie_nvd

gsd-2013-6470

Vulnerability from gsd

ghsa-6m3c-qm8q-jf8f

Vulnerability from github

Tags

Sightings

Nomenclature