Medium severity5.5NVD Advisory· Published Mar 8, 2013· Updated Apr 30, 2026

CVE-2013-0266

Description

A flaw was found in the puppetlabs-cinder module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the cinder.conf and api-paste.ini configuration files. A local user can exploit this by reading these files, which leads to the disclosure of OpenStack administrative passwords. This information disclosure could allow unauthorized access to sensitive OpenStack resources.

Affected products

OpenStack/Essex
cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*
OpenStack/Folsom
cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2013-0595.htmlnvdVendor Advisory
access.redhat.com/security/cve/CVE-2013-0266nvd
bugzilla.redhat.com/show_bug.cginvd
github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebcnvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000