OpenStack Compute Nova API Security Group Vulnerability in 2013.1 and Icehouse
CVE-2014-0167
Currently unrated
Summary
The Nova EC2 API within OpenStack Compute does not adequately implement role-based access control (RBAC) policies for several critical operations, such as adding or removing rules and destruction of resources. This lack of enforcement means that remote authenticated users can exploit these weaknesses to gain unauthorized privileges through specific API requests, potentially leading to broader security risks within affected environments.
References
Timeline
Vulnerability published
Vulnerability Reserved