OpenStack Compute Nova Boot-From-Volume Vulnerability in Folsom and Essex
CVE-2013-0208

Currently unrated

Key Information:

Vendor
Openstack
Vendor
CVE Published:
13 February 2013

Summary

The boot-from-volume feature in OpenStack Compute (Nova) versions Folsom and Essex is vulnerable, allowing remote authenticated users to boot from other users' volumes. This exploit can be executed through the manipulation of the block_device_mapping parameter, posing a significant threat to data integrity and confidentiality. As users may be unaware of unauthorized access to their volumes, it emphasizes the need for stringent security measures and prompt updates.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.