Описание
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
Отчет
Not vulnerable. Red Hat did not release the incomplete fix for CVE-2013-2256 in any products.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 3 | openstack-nova | Not affected | ||
| Red Hat OpenStack Platform 4 | openstack-nova | Not affected |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS2
Связанные уязвимости
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizz ...
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors
5.5 Medium
CVSS2