| Name | CVE-2013-2296 |
| Description | Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 707592 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| eucalyptus | source | (unstable) | (unfixed) | 707592 |
commit: https://github.com/eucalyptus/eucalyptus/commit/da7bb8b7c15d453e62df38eff5c12d0998e6eab1
https://eucalyptus.atlassian.net/browse/EUCA-3074