What is the severity of CVE-2012-0030?

CVE-2012-0030 is classified as a medium severity vulnerability due to its potential for unauthorized access.

How do I fix CVE-2012-0030?

To mitigate CVE-2012-0030, upgrade to a patched version of OpenStack Nova or Essex that addresses this vulnerability.

Who is affected by CVE-2012-0030?

CVE-2012-0030 affects users of OpenStack Nova 2011.3 and Essex using the OpenStack API.

What specifically does CVE-2012-0030 allow attackers to do?

CVE-2012-0030 allows remote authenticated users to bypass access restrictions and potentially access other users' tenant data.

Is there a workaround for CVE-2012-0030?

A temporary workaround for CVE-2012-0030 is to implement additional access controls at the network level until a patch is applied.

Vulnerability/
CVE-2012-0030

medium

4.9

CWE

264

13/1/2012

29/8/2017

CVE-2012-0030

First published: Fri Jan 13 2012(Updated: )

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Red Hat OpenStack Essex
OpenStack Nova-LXD	=2011.3

Remedy

https://lists.launchpad.net/openstack/msg06648.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-0030?
CVE-2012-0030 is classified as a medium severity vulnerability due to its potential for unauthorized access.
How do I fix CVE-2012-0030?
To mitigate CVE-2012-0030, upgrade to a patched version of OpenStack Nova or Essex that addresses this vulnerability.
Who is affected by CVE-2012-0030?
CVE-2012-0030 affects users of OpenStack Nova 2011.3 and Essex using the OpenStack API.
What specifically does CVE-2012-0030 allow attackers to do?
CVE-2012-0030 allows remote authenticated users to bypass access restrictions and potentially access other users' tenant data.
Is there a workaround for CVE-2012-0030?
A temporary workaround for CVE-2012-0030 is to implement additional access controls at the network level until a patch is applied.

agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/author
agent/severity
agent/weakness
agent/remedy
agent/softwarecombine
agent/description
agent/tags
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/openstack
canonical/red hat openstack essex
canonical/openstack nova-lxd
version/openstack nova-lxd/2011.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.