CVE-2011-4076
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
26/11/2019
Last modified:
21/11/2024
Description
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY.
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:* | 2010.1 (including) | 2012.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://access.redhat.com/security/cve/cve-2011-4076
- https://bugs.launchpad.net/nova/+bug/868360
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076
- https://security-tracker.debian.org/tracker/CVE-2011-4076
- https://www.openwall.com/lists/oss-security/2011/10/25/4
- https://access.redhat.com/security/cve/cve-2011-4076
- https://bugs.launchpad.net/nova/+bug/868360
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076
- https://security-tracker.debian.org/tracker/CVE-2011-4076
- https://www.openwall.com/lists/oss-security/2011/10/25/4