Описание
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1:2013.2~rc2-0ubuntu1 |
| lucid | DNE | |
| precise | not-affected | code-not-present |
| quantal | not-affected | |
| raring | released | 1:2013.1.3-0ubuntu1.1 |
| saucy | not-affected | 1:2013.2~rc2-0ubuntu1 |
| upstream | needed |
Показывать по
EPSS
3.5 Low
CVSS2
Связанные уязвимости
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizz ...
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors
EPSS
3.5 Low
CVSS2