VYPR
Moderate severityNVD Advisory· Published Dec 27, 2013· Updated Jun 16, 2026

CVE-2013-2030

CVE-2013-2030

Description

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
python-keystoneclientPyPI
< 0.2.40.2.4

Affected products

10
  • OpenStack/Compute4 versions
    cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:compute:2013.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:compute:2013.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:compute:2013.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:grizzly:2013.1:*:*:*:*:*:*:*
  • OpenStack/Havana3 versions
    cpe:2.3:a:openstack:havana:havana-1:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:openstack:havana:havana-1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:havana:havana-2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:havana:havana-3:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 0.2.4

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.