Lucene search

K

GitHub Advisory DatabaseGHSA-46R8-9CJ7-PW6G

HistoryMay 17, 2022 - 1:45 a.m.

OpenStack Compute (Nova) Improper Input Validation

2022-05-1701:45:47

CWE-20

GitHub Advisory Database

github.com

2

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.6%

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

Affected configurations

Vulners

Node

nova-cmsnova_cmsRange<12.0.0a0

CPENameOperatorVersion
novalt12.0.0a0

References

secunia.com/advisories/46808

secunia.com/advisories/49439

www.ubuntu.com/usn/USN-1466-1

bugs.launchpad.net/nova/+bug/985184

exchange.xforce.ibmcloud.com/vulnerabilities/76110

github.com/advisories/GHSA-46r8-9cj7-pw6g

github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978

github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654

lists.launchpad.net/openstack/msg12883.html

nvd.nist.gov/vuln/detail/CVE-2012-2654

review.openstack.org/#/c/8239

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.6%

Related for GHSA-46R8-9CJ7-PW6G

openvas16 nessus3 prion1 cve1 fedora7 debiancve1 cvelist1 nvd1 ubuntu1 ubuntucve1