CVE-2012-0030

Description

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.

How to fix CVE-2012-0030

To remediate CVE-2012-0030, upgrade the affected package to a fixed version below.

• Debian/nova—upgrade to 2012.1~rc1-1 or later

Is CVE-2012-0030 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2012.1~rc1-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-0030