CVE-2012-4065

Name of the Vulnerable Software and Affected Versions Eucalyptus versions prior to 3.1.1

Description The issue allows remote authenticated users to bypass authorization checks and obtain direct access to the Cloud Controller or Walrus service via a crafted message. This can be demonstrated by changes to a volume, snapshot, or cloud configuration setting.

Recommendations For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to external SOAP web-services messages to minimize the risk of exploitation.