OpenStack Compute Nova Boot-From-Volume Vulnerability in Folsom and Essex
CVE-2013-0208

Currently unrated

Key Information:

Vendor: Openstack
Status: Essex; Folsom
Vendor: CVE Published:; 13 February 2013

Summary

The boot-from-volume feature in OpenStack Compute (Nova) versions Folsom and Essex is vulnerable, allowing remote authenticated users to boot from other users' volumes. This exploit can be executed through the manipulation of the block_device_mapping parameter, posing a significant threat to data integrity and confidentiality. As users may be unaware of unauthorized access to their volumes, it emphasizes the need for stringent security measures and prompt updates.

References

https://github.com/openstack/nova/commit/317cc0af385536de...

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2013-0208.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/51992

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 13, 2013
Vulnerability Reserved
Dec 6, 2012