CVE-2013-0335 – nova

Package

Manager: pip
Name: nova
Vulnerable Version: >=0 <12.0.0a0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01036 pctl0.76476

Details

OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

Metadata

Created: 2022-05-05T02:48:49Z
Modified: 2024-11-26T16:56:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qfp8-hfqx-c79c/GHSA-qfp8-hfqx-c79c.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-qfp8-hfqx-c79c
Finding: F006
Auto approve: 1