GitHub Advisory DatabaseGHSA-27Q4-38QF-M25HOpenStack Compute Nova Improper Access Control
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
7.3 High
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.9%
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
Affected configurations
References
www.openwall.com/lists/oss-security/2013/11/03/2
www.openwall.com/lists/oss-security/2013/11/03/3
bugs.launchpad.net/nova/+bug/1073306
bugs.launchpad.net/nova/+bug/1202266
github.com/advisories/GHSA-27q4-38qf-m25h
github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e
github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b
nvd.nist.gov/vuln/detail/CVE-2013-4497
Related
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
7.3 High
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.9%