Описание
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| nova | fixed | 2013.2-1 | package | |
| nova | not-affected | wheezy | package |
Примечания
https://bugs.launchpad.net/nova/+bug/1073306
https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
https://bugs.launchpad.net/nova/+bug/1202266
https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
EPSS
Связанные уязвимости
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
EPSS