Vulnerabilities

CVE-2013-4278

by Fred · 16/09/2013

The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.

Date published : 2013-09-16

https://bugs.launchpad.net/ossa/+bug/1212179

http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html

Similar

Tags: Cybersecurity Alert