{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-09-17T01:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://eucalyptus.atlassian.net/browse/EUCA-3074"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.eucalyptus.com/resources/security/advisories/esa-10"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2296", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://eucalyptus.atlassian.net/browse/EUCA-3074", "refsource": "CONFIRM", "url": "https://eucalyptus.atlassian.net/browse/EUCA-3074"}, {"name": "http://www.eucalyptus.com/resources/security/advisories/esa-10", "refsource": "CONFIRM", "url": "http://www.eucalyptus.com/resources/security/advisories/esa-10"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:36:44.473Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://eucalyptus.atlassian.net/browse/EUCA-3074"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.eucalyptus.com/resources/security/advisories/esa-10"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2296", "datePublished": "2013-09-17T01:00:00Z", "dateReserved": "2013-03-02T00:00:00Z", "dateUpdated": "2024-09-17T03:13:29.698Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:*:*:*:*:*:*:*:*", "matchCriteriaId": "86D9C01E-D42E-4BC8-8C1C-CF58E29DC2E2", "versionEndIncluding": "3.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "91027387-6A15-4EF3-AA31-AE39A49505F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A143205-6B95-410D-8500-1916DD4F3F3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EFAF37FF-B306-4231-8DDA-95EC16935C06", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "53689262-6D98-443A-883F-12D9812F4140", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "323791A0-35CA-49D2-B68F-F1FE30B66248", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2677F0C3-7016-4379-B495-5301A5893322", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "55C87A95-CE7E-44A4-BE64-407CC94AB16E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "D2E86109-062F-4BCD-96EC-242F87DC63AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "11B0C518-C019-48CD-ABAC-B2F433CC0C9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC2B60FE-42EE-4F71-B73D-67FF1FD0CD29", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8974798-2246-4C12-A0A2-ADDB10563E58", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C98920E-5369-4690-885A-BEE737F029C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F548349B-ADC1-48A5-A5FA-2C1B6B3CC553", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "91D1B66B-8605-46F5-8290-8A8DA5412546", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB322B1B-8FE8-4CEF-A7F4-B86F131F9116", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2ECBDD1A-8E7A-48C0-B638-815DDC3A3A4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "043A9574-806B-429F-9878-AFEEC2334AF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "926B4E5D-804D-4E03-B5A6-17F127D99F96", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BBC42BF2-045F-46FF-820B-C420B2A0029B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eucalyptus:eucalyptus:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3FB5BCB7-CEE7-4A5A-8F55-02944F1FD1A4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request."}, {"lang": "es", "value": "Walrus en Eucalyptus anteriores a v3.2.2 no verifica la autorizaci\u00f3n para las operaciones GetBucketLoggingStatus, setBucketLoggingStatus, y SetBucketVersioningStatus, lo cual permite a usuarios autenticados evitar restricciones establecidas (1) modificando la configuraci\u00f3n de registro, (2) modificando la configuraci\u00f3n de versionado, o (3) accediendo a los logs de actividad a trav\u00e9s de una petici\u00f3n."}], "id": "CVE-2013-2296", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-17T12:04:16.057", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.eucalyptus.com/resources/security/advisories/esa-10"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://eucalyptus.atlassian.net/browse/EUCA-3074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.eucalyptus.com/resources/security/advisories/esa-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://eucalyptus.atlassian.net/browse/EUCA-3074"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "eucalyptus: Missing Authorization Vulnerability in Walrus", "id": "952858", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952858"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "status": "draft"}, "details": ["Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request."], "name": "CVE-2013-2296", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "fuse-esb-enterprise-7", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "jboss-fuse-6", "product_name": "Red Hat JBoss Enterprise Web Server 1"}], "public_date": "2013-04-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2296\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2296"], "statement": "Not affected. This flaw does not affect the jclouds Eucalyptus API as shipped with JBoss Fuse 6.0.0 and Fuse ESB Enterprise 7.1.0.", "threat_severity": "Low"}

{}