4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.005 Low
EPSS
Percentile
76.0%
The (1) backup (api/contrib/backups.py) and (2) volume transfer
(contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and
earlier allows remote attackers to cause a denial of service (resource
consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this
issue is due to an incomplete fix for CVE-2013-1664.
Author | Note |
---|---|
jdstrand | Ubuntu 12.10 not affected per upstream fixed in updates of Ubuntu 13.04 |