A flaw was identified in the way Walrus checks authorization for some operations on buckets. As a result, an authenticated user does not require authorization to enable logging and versioning on buckets and could potentially get access to activity logs for that bucket. Links: http://www.eucalyptus.com/eucalyptus-cloud/security/esa-10 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2296 https://eucalyptus.atlassian.net/browse/EUCA-3074
Statement: Not affected. This flaw does not affect the jclouds Eucalyptus API as shipped with JBoss Fuse 6.0.0 and Fuse ESB Enterprise 7.1.0.
Created eucalyptus tracking bugs for this issue Affects: fedora-all [bug 953355]