2.7 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:N/I:N/A:P
5.8 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
79.8%
Garth Mollett discovered that OpenStack Nova did not properly clean up an
instance when using rescue mode with the VMWare driver. A remove
authenticated user could exploit this to bypass intended quota limits. By
default, Ubuntu does not use the VMWare driver. (CVE-2014-3608)
Amrith Kumar discovered that OpenStack Nova did not properly sanitize log
message contents. Under certain circumstances, a local attacker with read
access to Nova log files could obtain access to sensitive information.
(CVE-2014-7230)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 14.04 | noarch | python-nova | < 1:2014.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nova-ajax-console-proxy | < 1:2014.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nova-api | < 1:2014.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nova-api-ec2 | < 1:2014.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nova-api-metadata | < 1:2014.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nova-api-os-compute | < 1:2014.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nova-api-os-volume | < 1:2014.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nova-baremetal | < 1:2014.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nova-cells | < 1:2014.1.3-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | nova-cert | < 1:2014.1.3-0ubuntu1.1 | UNKNOWN |