4 matches found
CVE-2014-0167
The CVE-2014-0167 entry documents a privilege-escalation flaw in OpenStack Nova (EC2 API security group) where the Nova compute API did not enforce RBAC policies for add_rules, remove_rules, destroy, and other methods when non-default policies were in use. Affected releases include OpenStack Comp...
CVE-2014-2573
The VMware driver in OpenStack Compute (Nova) 2013.2–2013.2.2 does not correctly place VMs into RESCUE, allowing remote authenticated users to bypass quota and trigger a denial of service by rescuing the VM and then deleting the image. Related advisories (GHSA/OSV) reiterate the vulnerability and...
CVE-2014-0134
OpenStack Nova shows a vulnerability in 2013.2 (before 2013.2.3) and Icehouse (before 2014.1) when using libvirt to spawn images with use_cow_images=false: remote authenticated users could read certain compute host files by overwriting an instance disk with a crafted image. The affected component...
CVE-2013-7130
CVE-2013-7130 affects the OpenStack OpenStack Compute (Nova) libvirt driver when performing KVM live block migration. The i_create_images_and_backing path does not create all expected files, which could let an authenticated attacker obtain the snapshot root disk contents of other users via epheme...