Derekh

Researcher at Red Hat OpenStack team
#21256 of 53,632
11.6 total CVSS
Vulnerabilities · 2
Medium: 2
PT-2013-3405
6.1
2013-04-10
Red Hat · Red Hat Openstack Packstack · CVE-2013-1815
**Name of the Vulnerable Software and Affected Versions**

Red Hat OpenStack PackStack version 2012.2.3

**Description**

The issue allows local users to modify deployed systems by changing the answer file, which can be created in insecure directories such as /tmp or the current working directory.

**Recommendations**

For PackStack version 2012.2.3, consider restricting access to the answer file to prevent local users from modifying deployed systems. As a temporary workaround, ensure that the answer file is created in a secure directory to minimize the risk of exploitation.

PT-2013-2200
5.5
2013-03-08
Puppet · Puppetlabs-Cinder Module · CVE-2013-0266
**Name of the Vulnerable Software and Affected Versions**

puppetlabs-cinder module (affected versions not specified)

**Description**

The issue concerns the puppetlabs-cinder module, which is used in PackStack. It allows local users to read OpenStack administrative passwords due to world-readable permissions set for the `cinder.conf` and `api-paste.ini` configuration files.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.