UbuntuUSN-1326-1Nova vulnerability
4.9 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:P/A:P
6.3 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.8%
Releases
- Ubuntu 11.10
Packages
- nova - OpenStack Compute cloud infrastructure
Details
Nachi Ueno, Rohit Karajgi, and Venkatesan Ravikumar discovered that when
Nova is configured to use the OpenStack API, it would not correctly enforce
access controls on certain incoming requests. A remote authenticated
attacker could exploit this to change resources of arbitrary tenants.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 11.10 | noarch | nova-api | < 2011.3-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 11.10 | noarch | nova-ajax-console-proxy | < 2011.3-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 11.10 | noarch | nova-common | < 2011.3-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 11.10 | noarch | nova-compute | < 2011.3-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 11.10 | noarch | nova-compute-kvm | < 2011.3-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 11.10 | noarch | nova-compute-lxc | < 2011.3-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 11.10 | noarch | nova-compute-uml | < 2011.3-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 11.10 | noarch | nova-compute-xen | < 2011.3-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 11.10 | noarch | nova-doc | < 2011.3-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 11.10 | noarch | nova-network | < 2011.3-0ubuntu6.4 | UNKNOWN |
References
Related
4.9 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:P/A:P
6.3 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.8%