CVE-2013-4497

Currently unrated

Key Information:

Vendor: Openstack
Status: Havana
Vendor: CVE Published:; 5 November 2013

Summary

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

References

http://www.openwall.com/lists/oss-security/2013/11/03/2

mailing-listx_refsource_MLIST

https://bugs.launchpad.net/nova/+bug/1202266

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2013/11/03/3

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Nov 5, 2013
Vulnerability Reserved
Jun 12, 2013