Lucene search
K

4 matches found

CVE
CVE
added 2014/04/15 2:0 p.m.84 views

CVE-2014-0167

The CVE-2014-0167 entry documents a privilege-escalation flaw in OpenStack Nova (EC2 API security group) where the Nova compute API did not enforce RBAC policies for add_rules, remove_rules, destroy, and other methods when non-default policies were in use. Affected releases include OpenStack Comp...

6CVSS6.5AI score0.01647EPSS
CVE
CVE
added 2014/03/25 3:0 p.m.83 views

CVE-2014-2573

The VMware driver in OpenStack Compute (Nova) 2013.2–2013.2.2 does not correctly place VMs into RESCUE, allowing remote authenticated users to bypass quota and trigger a denial of service by rescuing the VM and then deleting the image. Related advisories (GHSA/OSV) reiterate the vulnerability and...

2.3CVSS6.1AI score0.00705EPSS
CVE
CVE
added 2014/05/08 2:0 p.m.74 views

CVE-2014-0134

OpenStack Nova shows a vulnerability in 2013.2 (before 2013.2.3) and Icehouse (before 2014.1) when using libvirt to spawn images with use_cow_images=false: remote authenticated users could read certain compute host files by overwriting an instance disk with a crafted image. The affected component...

3.5CVSS6AI score0.01488EPSS
CVE
CVE
added 2014/02/06 4:0 p.m.69 views

CVE-2013-7130

CVE-2013-7130 affects the OpenStack OpenStack Compute (Nova) libvirt driver when performing KVM live block migration. The i_create_images_and_backing path does not create all expected files, which could let an authenticated attacker obtain the snapshot root disk contents of other users via epheme...

7.1CVSS6.2AI score0.02159EPSS