CVE 2013-6428
The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path.
Related bugs and status
CVE-2013-6428 (Candidate) is related to these bugs:
Bug #1256983: [OSSA 2013-035] Heat ReST API doesn't respect tenant scoping (CVE-2013-6428)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1256983 | [OSSA 2013-035] Heat ReST API doesn't respect tenant scoping (CVE-2013-6428) | OpenStack Heat | Critical | Fix Released | ||
| 1256983 | [OSSA 2013-035] Heat ReST API doesn't respect tenant scoping (CVE-2013-6428) | OpenStack Security Advisory | Critical | Fix Released | ||
| 1256983 | [OSSA 2013-035] Heat ReST API doesn't respect tenant scoping (CVE-2013-6428) | OpenStack Heat grizzly | Critical | Won't Fix | ||
| 1256983 | [OSSA 2013-035] Heat ReST API doesn't respect tenant scoping (CVE-2013-6428) | OpenStack Heat havana | Critical | Fix Released | ||
Bug #1262788: Meta bug for tracking Openstack 2013.2.1 Stable Update
Bug #1267557: [MIR] heat
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1267557 | [MIR] heat | heat (Ubuntu) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
