User: Password:
Subscribe / Log in / New account

nova: information leak

Package(s):nova CVE #(s):CVE-2013-4278
Created:October 24, 2013 Updated:October 30, 2013
Description: From the CVE entry:

The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.

Fedora FEDORA-2013-22693 openstack-nova 2013-12-12
Ubuntu USN-2000-1 nova 2013-10-23

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds