CVE-2013-4497 – nova

Package

Manager: pip
Name: nova
Vulnerable Version: >=0 <12.0.0a0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00106 pctl0.29328

Details

OpenStack Compute Nova Improper Access Control The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

Metadata

Created: 2022-05-17T04:58:30Z
Modified: 2024-05-14T21:27:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-27q4-38qf-m25h/GHSA-27q4-38qf-m25h.json
CWE IDs: []
Alternative ID: GHSA-27q4-38qf-m25h
Finding: F039
Auto approve: 1