12 matches found
CVE-2013-2255
OpenStack CVE-2013-2255 affects HTTPSConnections in Keystone (2013) and OpenStack Compute (2013.1), and possibly other OpenStack components. Root cause: server-side SSL certificate validation is not performed, allowing potential impersonation or man-in-the-middle scenarios where untrusted certifi...
CVE-2014-0167
The CVE-2014-0167 entry documents a privilege-escalation flaw in OpenStack Nova (EC2 API security group) where the Nova compute API did not enforce RBAC policies for add_rules, remove_rules, destroy, and other methods when non-default policies were in use. Affected releases include OpenStack Comp...
CVE-2014-2573
The VMware driver in OpenStack Compute (Nova) 2013.2–2013.2.2 does not correctly place VMs into RESCUE, allowing remote authenticated users to bypass quota and trigger a denial of service by rescuing the VM and then deleting the image. Related advisories (GHSA/OSV) reiterate the vulnerability and...
CVE-2012-3371
The CVE refers to OpenStack Nova (Compute) scheduler vulnerability in Folsom (2012.2) and Essex (2012.1). When scheduler filters DifferentHostFilter or SameHostFilter are enabled, remote authenticated users can trigger a denial of service by sending requests with many repeated IDs in the os:sched...
CVE-2013-4179
OpenStack Nova (Grizzly 2013.1.3, Havana before havana-3, and earlier) is affected by CVE-2013-4179, a denial-of-service due to XML Entity Expansion (XEE) in the security group extension. The issue stems from an incomplete fix for CVE-2013-1664 and can allow remote attackers to cause resource con...
CVE-2013-4278
CVE-2013-4278 refers to a vulnerability in OpenStack Compute (Nova) where the flavor access control check (os-flavor-access:is_public) is not properly enforced. This allows remote authenticated users to boot arbitrary flavors by guessing flavor IDs, stemming from an incomplete fix for CVE-2013-22...
CVE-2014-0134
OpenStack Nova shows a vulnerability in 2013.2 (before 2013.2.3) and Icehouse (before 2014.1) when using libvirt to spawn images with use_cow_images=false: remote authenticated users could read certain compute host files by overwriting an instance disk with a crafted image. The affected component...
CVE-2013-4185
CVE-2013-4185 describes an algorithmic complexity vulnerability in OpenStack Compute (Nova) where the code path for updating network source security group policies is mishandled. This allows an authenticated remote user to trigger a denial of service by issuing many server-creation operations, ca...
CVE-2013-7130
CVE-2013-7130 affects the OpenStack OpenStack Compute (Nova) libvirt driver when performing KVM live block migration. The i_create_images_and_backing path does not create all expected files, which could let an authenticated attacker obtain the snapshot root disk contents of other users via epheme...
CVE-2012-2654
CVE-2012-2654 affects OpenStack Compute (Nova) EC2 and OS APIs in Folsom, Essex, and Diablo releases. The vulnerability arises from improper protocol validation when creating security groups if the network protocol isn’t specified in lowercase, allowing remote attackers to bypass access restricti...
CVE-2013-2030
CVE-2013-2030 affects OpenStack Nova (keystone/middleware/auth_token.py) in Folsom, Grizzly, and Havana. It uses an insecure temporary directory to store signing certificates, enabling local users to spoof servers by pre-creating the directory (e.g., /tmp/keystone-signing-nova on Fedora). Several...
CVE-2015-2687
OpenStack Compute (Nova) vulnerability CVE-2015-2687 affects Icehouse, Juno and Havana. When live migration fails, local users can access VM volumes they normally should not be able to access. The provided connected documents do not specify the underlying root cause, affected component details be...