- Description
- PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.4
- Impact score
- 6.4
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-255
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openstack_essex:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3D9CF7F8-E70D-49E5-B61D-73948429A74A"
},
{
"criteria": "cpe:2.3:a:redhat:openstack_folsom:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CC2C6C4-7ABF-495C-8942-52FDAEEB6CEA"
},
{
"criteria": "cpe:2.3:a:redhat:packstack:2012.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73925A73-020A-4F16-9E79-FA6FACBA25C5"
}
],
"operator": "OR"
}
]
}
]