CVE-2012-0030
UnknownEPSS 1.76%
Last modified
CVE-2012-0030 is a vulnerability of currently unknown severity. Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.. EPSS estimates a 1.76% chance of exploitation in the next 30 days.
Description
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Essex | All versions |
| Openstack | Nova | 2011.3 |
References
- http://secunia.com/advisories/47543Vendor Advisory
- http://secunia.com/advisories/47543Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2012-0030?
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
How severe is CVE-2012-0030?
Severity scoring for CVE-2012-0030 is pending analysis. The EPSS model estimates a 1.76% probability of exploitation in the next 30 days.
How do I fix CVE-2012-0030?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2012-0030?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST