Skip to main content

Eucalyptus CVE-2013-2296

MEDIUM
Permissions, Privileges, and Access Controls (CWE-264)
2013-09-17 cve@mitre.org
5.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:P/I:P/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 17, 2013 - 12:04 cve.org
MEDIUM 5.5

DescriptionCVE.org

Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request.

AnalysisAI

Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-264. Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request. Affected products include: Eucalyptus. Version information: before 3.2.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2013-4767 CRITICAL
10.0 Oct 10

Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors. Rated critical severity (CVS

CVE-2012-3241 HIGH
7.5 Jul 17

The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows

CVE-2012-3240 HIGH
7.5 Jul 17

The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges v

CVE-2015-6861 HIGH
7.5 Jan 05

HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission

CVE-2014-5040 MEDIUM
6.8 Jan 05

HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to

CVE-2017-7999 MEDIUM
6.5 Jun 01

Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause

CVE-2012-4064 MEDIUM
6.5 Oct 01

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remo

CVE-2012-4063 MEDIUM
5.0 Oct 01

The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transfor

CVE-2013-4768 MEDIUM
5.0 Apr 16

The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors re

CVE-2012-4066 MEDIUM
5.0 Mar 08

The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified req

CVE-2013-4769 MEDIUM
4.3 Dec 26

The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled sett

CVE-2012-4067 MEDIUM
4.3 Sep 17

Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumpt

Share

CVE-2013-2296 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy