Name of the Vulnerable Software and Affected Versions OpenStack Nova versions Folsom through Havana

Description The issue is related to the insecure use of a temporary directory for storing signing certificates in the keystone/middleware/auth token.py module. This allows local users to potentially spoof servers by pre-creating the directory, which is then reused by Nova. An example of this exploit is demonstrated on Fedora using the /tmp/keystone-signing-nova directory.

Recommendations For OpenStack Nova versions Folsom through Havana, consider restricting access to the temporary directory used for storing signing certificates to prevent local users from spoofing servers. As a temporary workaround, restrict access to the /tmp/keystone-signing-nova directory to minimize the risk of exploitation.