Описание
OpenStack Compute Nova Improper Access Control
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-4497
- https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e
- https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
- https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
- https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b
- https://bugs.launchpad.net/nova/+bug/1073306
- https://bugs.launchpad.net/nova/+bug/1202266
- http://www.openwall.com/lists/oss-security/2013/11/03/2
- http://www.openwall.com/lists/oss-security/2013/11/03/3
Пакеты
nova
< 12.0.0a0
12.0.0a0
EPSS
CVE ID
Связанные уязвимости
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Ha ...
EPSS