CVE-2013-2296 — MEDIUM (5.5)

Q: How severe is CVE-2013-2296?

CVE-2013-2296 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-2296?

Check the references section above for vendor advisories and patch information. Affected products include: Eucalyptus Eucalyptus.

Vulnerability Description

Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request.

CVSS Score

5.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:N

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Eucalyptus	Eucalyptus	<= 3.2.1

Related Weaknesses (CWE)

CWE-264

References

http://www.eucalyptus.com/resources/security/advisories/esa-10Vendor Advisory
https://eucalyptus.atlassian.net/browse/EUCA-3074Vendor Advisory
http://www.eucalyptus.com/resources/security/advisories/esa-10Vendor Advisory
https://eucalyptus.atlassian.net/browse/EUCA-3074Vendor Advisory

FAQ

What is CVE-2013-2296?

CVE-2013-2296 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticat...

How severe is CVE-2013-2296?

CVE-2013-2296 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-2296?

Check the references section above for vendor advisories and patch information. Affected products include: Eucalyptus Eucalyptus.