Back to search
CVE-2013-2256
Published: Sep 16, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2013:1199
vendor-advisory
x_refsource_REDHAT
https://bugs.launchpad.net/nova/+bug/1194093
x_refsource_CONFIRM
[oss-security] 20130806 [OSSA 2013-019] Resource limit circumvention in Nova private flavors (CVE-2013-2256)
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now