VNC Token Vulnerability in OpenStack Compute by OpenStack
CVE-2013-0335
Currently unrated
Summary
The OpenStack Compute (Nova) service's handling of VNC tokens has a significant vulnerability where remote authenticated users can exploit opportunistic circumstances. This allows them to access a virtual machine (VM) using the VNC token associated with a deleted VM that shares the same VNC port. This could result in unauthorized access to sensitive data or control over unintended VMs, highlighting the need for improved access control mechanisms within the Nova service.
References
Timeline
Vulnerability published
Vulnerability Reserved