Page tree
Skip to end of metadata
Go to start of metadata

Unauthorized Access to CC/NC Log Files


 

Description

Unauthorized Access to CC/NC Log Files

Severity LevelMODERATE
Issue Date2013-08-27
Last Updated2013-09-11
Affected ProductsEucalyptus 3.3.0 and earlier
CVE NumberCVE-2013-4766

 

 

Overview

A vulnerability has been identified in Eucalyptus 3.3.0 and earlier. Anonymous/unauthenticated user could get access to log files of Cluster Controller (CC) and Node Controller (NC) components. An update is now available that resolves this issue.

Description

A flaw was identified in the implementation of gather log service on both the CC and the NC. An unauthenticated user with remote access to a CC or an NC could retrieve the component’s log files. This could lead to disclosure of information internal to Eucalyptus cloud.

Solution

Eucalyptus version 3.3.1 resolves this issue.

Please see https://www.eucalyptus.com/download/eucalyptus for instructions on downloading and upgrading to the latest Eucalyptus software.

Contact and help

Contact the Eucalyptus security team at security@eucalyptus.com.