Vulnerability in OpenStack Compute allowing unauthorized access to boot flavors
CVE-2013-4278
Currently unrated
Summary
The OpenStack Compute (Nova) API's 'create an instance' function does not properly enforce the os-flavor-access:is_public property. Remote authenticated users can therefore boot arbitrary flavors simply by guessing flavor IDs. The issue results from an incomplete fix for a previously reported vulnerability in OpenStack. As a result, users may gain unauthorized access to private flavors, which is a security risk for cloud environments.
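The missing check, modelled as an added example that is not Nova's own code: the flavor catalogue, project names and all function names are assumptions made for illustration. It contrasts a boot path that resolves any flavor ID with one that enforces is_public and the per-project access list.

```python
from dataclasses import dataclass


class FlavorNotFound(Exception):
    """Raised for unknown flavors and for flavors the caller may not use."""


@dataclass(frozen=True)
class Flavor:
    flavor_id: str
    name: str
    is_public: bool = True
    # Projects granted access to a private flavor (unused when is_public).
    allowed_projects: frozenset = frozenset()


# Constructed sample catalogue; IDs and project names are made up.
FLAVORS = {
    "1": Flavor("1", "small"),
    "42": Flavor("42", "gpu-reserved", is_public=False,
                 allowed_projects=frozenset({"proj-research"})),
}


def create_instance_unchecked(project_id, flavor_id):
    """Flawed boot path: any ID that exists is accepted, private or not."""
    flavor = FLAVORS.get(flavor_id)
    if flavor is None:
        raise FlavorNotFound(flavor_id)
    return {"project": project_id, "flavor": flavor.name}


def get_flavor_for_project(flavor_id, project_id):
    """Resolve a flavor only if it is public or shared with the project."""
    flavor = FLAVORS.get(flavor_id)
    if flavor is None or not (
            flavor.is_public or project_id in flavor.allowed_projects):
        # Same error as for a missing ID, so replies do not confirm guesses.
        raise FlavorNotFound(flavor_id)
    return flavor


def create_instance(project_id, flavor_id):
    """Boot path that authorizes the flavor before using it."""
    flavor = get_flavor_for_project(flavor_id, project_id)
    return {"project": project_id, "flavor": flavor.name}
```

Filtering private flavors out of listings is not enough on its own: every code path that accepts a flavor ID, including instance creation, has to go through the same access check.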