VYPR
Unrated severityNVD Advisory· Published Dec 14, 2013· Updated Jun 17, 2026

CVE-2013-6426

CVE-2013-6426

Description

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OpenStack/Heat2 versions
    cpe:2.3:a:openstack:heat:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:openstack:heat:*:*:*:*:*:*:*:*range: <=2013.2
    • (no CPE)range: < 2013.2.1 (Havana) and < icehouse-2 (Icehouse)

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.