UNKNOWN PyPI
OpenStack Compute Nova Improper Access Control
GHSA-27q4-38qf-m25h · CVE-2013-4497
Published · Modified
Description
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-4497
- WEB https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e
- WEB https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
- WEB https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
- WEB https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b
- WEB https://bugs.launchpad.net/nova/+bug/1073306
- WEB https://bugs.launchpad.net/nova/+bug/1202266
- PACKAGE https://github.com/openstack/nova
- WEB http://www.openwall.com/lists/oss-security/2013/11/03/2
- WEB http://www.openwall.com/lists/oss-security/2013/11/03/3
Ready to move
Start Securing
Free, no credit card | First findings in minutes