Vulnerability Name: | CVE-2013-4278 (CCN-86665)
Assigned: | 2013-08-27
Published: | 2013-08-27
Updated: | 2023-02-13
Summary: | OpenStack Compute (Nova) could allow a remote attacker to bypass security restrictions, caused by an incomplete fix related to the handling of access restrictions on private flavors. An attacker could exploit this vulnerability to view and boot any other tenant's private flavors and gain unauthorized access to the vulnerable application.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
2.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Consequences: | Bypass Security
References: |
Source: MITRE Type: CNA CVE-2013-4278
Source: secalert@redhat.com Type: Patch secalert@redhat.com
Source: secalert@redhat.com Type: Vendor Advisory secalert@redhat.com
Source: CCN Type: SA54624 OpenStack Compute (Nova) Create Instance API Security Bypass Vulnerability
Source: CCN Type: OpenStack Web site OpenStack Open Source Cloud Computing Software
Source: CCN Type: BID-62016 OpenStack Nova CVE-2013-4278 Security Bypass Vulnerability
Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com
Source: XF Type: UNKNOWN nova-cve20134278-sec-bypass(86665)
Source: CCN Type: OpenStack GIT Repository Enforce flavor access during instance boot
Vulnerable Configuration: | Configuration CCN 1: