Image Resizing and Live Migration Security Flaw in OpenStack Nova by OpenStack
CVE-2013-4497
Currently unrated
Summary
The XenAPI backend in the OpenStack Compute (Nova) component fails to adequately enforce security group policies in two scenarios: when resizing images and during live migration. Malicious actors could exploit this to bypass the restrictions those security groups are meant to impose, potentially gaining unauthorized access to resources. The affected versions of Nova include Folsom, Grizzly, and Havana, prior to the 2013.2 release.