CVE-2013-2030

Name of the Vulnerable Software and Affected Versions OpenStack Nova versions Folsom through Havana

Description The issue is related to the use of an insecure temporary directory for storing signing certificates in the keystone/middleware/auth token.py module. This allows local users to potentially spoof servers by pre-creating the directory, which is then reused by Nova. An example of this exploit is demonstrated on Fedora using the /tmp/keystone-signing-nova directory.

Recommendations For OpenStack Nova versions Folsom through Havana, consider restricting access to the temporary directory used for storing signing certificates to prevent local users from spoofing servers. As a temporary workaround, restrict access to the /tmp/keystone-signing-nova directory to minimize the risk of exploitation.