CVE-2012-2654 – nova

Package

Manager: pip
Name: nova
Vulnerable Version: >=0 <12.0.0a0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01178 pctl0.77946

Details

OpenStack Compute (Nova) Improper Input Validation The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

Metadata

Created: 2022-05-17T01:45:47Z
Modified: 2024-11-22T18:03:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-46r8-9cj7-pw6g/GHSA-46r8-9cj7-pw6g.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-46r8-9cj7-pw6g
Finding: F184
Auto approve: 1