Back to search
CVE-2013-6428
Published: Dec 14, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://launchpad.net/bugs/1256983
x_refsource_CONFIRM
RHSA-2014:0090
vendor-advisory
x_refsource_REDHAT
[oss-security] 20131211 [OSSA 2013-035] Heat ReST API doesn't respect tenant scoping (CVE-2013-6428)
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now