UbuntuUSN-1466-1Nova vulnerability
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.2 Medium
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
85.6%
Releases
- Ubuntu 12.04
- Ubuntu 11.10
Packages
- nova - OpenStack Compute cloud infrastructure
Details
It was discovered that, when defining security groups in Nova using
the EC2 or OS APIs, specifying the network protocol (e.g. ‘TCP’) in
the incorrect case would cause the security group to not be applied
correctly. An attacker could use this to bypass Nova security group
restrictions.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 12.04 | noarch | python-nova | < 2012.1-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-ajax-console-proxy | < 2012.1-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-api | < 2012.1-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-api-ec2 | < 2012.1-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-api-metadata | < 2012.1-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-api-os-compute | < 2012.1-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-api-os-volume | < 2012.1-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-cert | < 2012.1-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-common | < 2012.1-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | nova-compute | < 2012.1-0ubuntu2.2 | UNKNOWN |
References
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.2 Medium
AI Score
Confidence
Low
0.012 Low
EPSS
Percentile
85.6%