Vulnerability in OpenStack Compute allowing unauthorized access to boot flavors
CVE-2013-4278

Currently unrated

Key Information:

Vendor: OpenStack
Status
Vendor
CVE Published: 16 September 2013

Summary

The 'create an instance' function of the OpenStack Compute (Nova) API does not properly enforce the os-flavor-access:is_public property. This weakness allows remote authenticated users to boot arbitrary flavors simply by guessing the flavor IDs. The issue results from an incomplete fix for a previously reported vulnerability in OpenStack. As a result, users may gain unauthorized access to private flavors, which poses a significant security risk for cloud environments.
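
The following simplified model is an added example, not Nova's code: it contrasts a boot path that resolves a flavor by ID alone with one that enforces is_public and a per-project access list at lookup time. All names (Flavor, FLAVORS, get_flavor_unchecked, get_flavor_for_boot, boot_instance) and the sample data are hypothetical.

```python
from dataclasses import dataclass


class FlavorNotFound(Exception):
    """Raised for missing AND inaccessible flavors, so errors are not an ID oracle."""


@dataclass(frozen=True)
class Flavor:
    flavor_id: str
    name: str
    is_public: bool = True
    # Projects explicitly granted access to a private flavor (assumed model).
    allowed_projects: frozenset = frozenset()


# Constructed sample data, not values from a real deployment.
FLAVORS = {
    "1": Flavor("1", "m1.small"),
    "42": Flavor("42", "private.gpu", is_public=False,
                 allowed_projects=frozenset({"project-a"})),
}


def get_flavor_unchecked(flavor_id, project_id):
    """Weak lookup: a valid ID is enough, the caller's project is ignored."""
    flavor = FLAVORS.get(flavor_id)
    if flavor is None:
        raise FlavorNotFound(flavor_id)
    return flavor


def get_flavor_for_boot(flavor_id, project_id):
    """Hardened lookup: is_public and the access list are enforced on the boot path."""
    flavor = FLAVORS.get(flavor_id)
    if flavor is not None and (flavor.is_public
                               or project_id in flavor.allowed_projects):
        return flavor
    # Same exception as an unknown ID: guessing reveals nothing about private flavors.
    raise FlavorNotFound(flavor_id)


def boot_instance(flavor_id, project_id, lookup=get_flavor_for_boot):
    """Stand-in for 'create an instance'; returns the name of the flavor used."""
    return lookup(flavor_id, project_id).name
```

A regression test for this class of bug should exercise every code path that accepts a flavor ID, not only the listing and show calls.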

Timeline

  • Vulnerability published

  • Vulnerability Reserved
