Bug 1039144 (CVE-2013-6428)

Summary: CVE-2013-6428 OpenStack Heat: ReST API doesn't respect tenant scoping
Product: [Other] Security Response
Reporter: Kurt Seifried <kseifried>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: aortega, apevec, ayoung, chrisw, gkotton, gmollett, iheim, jpeeler, lhh, markmc, rbryant, sbaker, sclewis, sdake, security-response-team, shardy, yeylon
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-07-15 07:26:32 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1039147, 1112426, 1112427
Bug Blocks: 1039146
Attachments:
cve-2013-6428-master-icehouse.patch (flags: none)
cve-2013-6428-stable-havana.patch (flags: none)

Description Kurt Seifried 2013-12-06 18:53:19 UTC
Jeremy Stanley of the OpenStack Project reports:

Steven Hardy from Red Hat reported a vulnerability in the Heat ReST
API. By changing the request path, an authenticated client may
override their tenant scope resulting in privilege escalation. Only
setups exposing the Heat orchestration ReST interface are affected.
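The kind of check the advisory above calls for, as an added example that is not Heat's own code: the tenant segment of the request path is compared against the tenant the authenticated context carries, and a mismatch is refused before any handler runs. The names used here (RequestContext, tenant_local, StackController, the /v1/<tenant_id>/stacks path shape) are assumptions for illustration.

```python
from dataclasses import dataclass
from functools import wraps


class Forbidden(Exception):
    """Raised when the path tenant is not the tenant the caller is scoped to."""


@dataclass
class RequestContext:
    user_id: str
    tenant_id: str  # tenant from the validated token, never from the URL


@dataclass
class Request:
    path: str
    context: RequestContext


def tenant_local(handler):
    """Hardened form: a handler only ever sees its own tenant's resources."""
    @wraps(handler)
    def wrapper(controller, req, tenant_id, **kwargs):
        if req.context.tenant_id != tenant_id:
            raise Forbidden("path tenant %r != token tenant %r"
                            % (tenant_id, req.context.tenant_id))
        return handler(controller, req, **kwargs)
    return wrapper


class StackController:
    def __init__(self, stacks):
        self._stacks = stacks  # constructed data: tenant_id -> stack names

    @tenant_local
    def index(self, req):
        # Scoping comes from the authenticated context, not the path.
        return list(self._stacks.get(req.context.tenant_id, []))


def dispatch(controller, req):
    """Minimal router for the assumed path shape /v1/<tenant_id>/stacks."""
    parts = req.path.strip("/").split("/")
    if len(parts) != 3 or parts[0] != "v1" or parts[2] != "stacks":
        raise ValueError("unsupported path: %s" % req.path)
    return controller.index(req, tenant_id=parts[1])


def is_allowed(controller, req):
    """True if the request is served, False if the tenant check refuses it."""
    try:
        dispatch(controller, req)
        return True
    except Forbidden:
        return False
```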

Comment 2 Kurt Seifried 2013-12-06 18:58:41 UTC
Acknowledgements: 

Red Hat would like to thank Jeremy Stanley of the OpenStack Project for reporting this issue. Upstream acknowledges Steven Hardy of Red Hat as the original reporter.

Comment 4 Kurt Seifried 2013-12-06 19:01:25 UTC
Created attachment 833716 [details]
cve-2013-6428-master-icehouse.patch

Comment 5 Kurt Seifried 2013-12-06 19:02:07 UTC
Created attachment 833718 [details]
cve-2013-6428-stable-havana.patch

Comment 6 errata-xmlrpc 2014-01-22 18:33:14 UTC
This issue has been addressed in the following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:0090 https://rhn.redhat.com/errata/RHSA-2014-0090.html

Comment 8 Garth Mollett 2014-06-23 23:39:21 UTC
Created openstack-heat tracking bugs for this issue:

Affects: fedora-19 [bug 1112426]