VYPR
Medium severity5.5NVD Advisory· Published Mar 8, 2013· Updated Jun 16, 2026

CVE-2013-0266

CVE-2013-0266

Description

A flaw was found in the puppetlabs-cinder module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the cinder.conf and api-paste.ini configuration files. A local user can exploit this by reading these files, which leads to the disclosure of OpenStack administrative passwords. This information disclosure could allow unauthorized access to sensitive OpenStack resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.