CVE-2013-1068
EPSS 0.22%
Description
The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.
How to fix CVE-2013-1068
To remediate CVE-2013-1068, upgrade the affected package to a fixed version below.
- Debian/cinder—upgrade to 2014.1.1-3 or later
- Debian/nova—upgrade to 2014.1.1-4 or later
Is CVE-2013-1068 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2014.1.1-3
- from 0, < 2014.1.1-4