CVE-2013-2296

{"id": "CVE-2013-2296", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-09-17T12:04:16.057", "references": [{"url": "http://www.eucalyptus.com/resources/security/advisories/esa-10", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://eucalyptus.atlassian.net/browse/EUCA-3074", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request."}, {"lang": "es", "value": "Walrus en Eucalyptus anteriores a v3.2.2 no verifica la autorizaci\u00f3n para las operaciones GetBucketLoggingStatus, setBucketLoggingStatus, y SetBucketVersioningStatus, lo cual permite a usuarios autenticados evitar restricciones establecidas (1) modificando la configuraci\u00f3n de registro, (2) modificando la configuraci\u00f3n de versionado, o (3) accediendo a los logs de actividad a trav\u00e9s de una petici\u00f3n."}], "lastModified": "2013-09-18T19:52:27.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86D9C01E-D42E-4BC8-8C1C-CF58E29DC2E2", "versionEndIncluding": "3.2.1"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91027387-6A15-4EF3-AA31-AE39A49505F0"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A143205-6B95-410D-8500-1916DD4F3F3B"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFAF37FF-B306-4231-8DDA-95EC16935C06"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53689262-6D98-443A-883F-12D9812F4140"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "323791A0-35CA-49D2-B68F-F1FE30B66248"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2677F0C3-7016-4379-B495-5301A5893322"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55C87A95-CE7E-44A4-BE64-407CC94AB16E"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2E86109-062F-4BCD-96EC-242F87DC63AF"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11B0C518-C019-48CD-ABAC-B2F433CC0C9D"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC2B60FE-42EE-4F71-B73D-67FF1FD0CD29"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8974798-2246-4C12-A0A2-ADDB10563E58"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C98920E-5369-4690-885A-BEE737F029C3"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F548349B-ADC1-48A5-A5FA-2C1B6B3CC553"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91D1B66B-8605-46F5-8290-8A8DA5412546"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB322B1B-8FE8-4CEF-A7F4-B86F131F9116"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ECBDD1A-8E7A-48C0-B638-815DDC3A3A4B"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "043A9574-806B-429F-9878-AFEEC2334AF6"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "926B4E5D-804D-4E03-B5A6-17F127D99F96"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBC42BF2-045F-46FF-820B-C420B2A0029B"}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FB5BCB7-CEE7-4A5A-8F55-02944F1FD1A4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}