VNC Token Vulnerability in OpenStack Compute by OpenStack
CVE-2013-0335

Currently unrated

Key Information:

Vendor
Openstack
Vendor
CVE Published:
22 March 2013

Summary

The OpenStack Compute (Nova) service's handling of VNC tokens has a significant vulnerability where remote authenticated users can exploit opportunistic circumstances. This allows them to access a virtual machine (VM) using the VNC token associated with a deleted VM that shares the same VNC port. This could result in unauthorized access to sensitive data or control over unintended VMs, highlighting the need for improved access control mechanisms within the Nova service.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.