OpenStack Compute Nova API Security Group Vulnerability in 2013.1 and Icehouse
CVE-2014-0167

Currently unrated

Key Information:

Vendor
Openstack
Vendor
CVE Published:
15 April 2014

Summary

The Nova EC2 API within OpenStack Compute does not adequately implement role-based access control (RBAC) policies for several critical operations, such as adding or removing rules and destruction of resources. This lack of enforcement means that remote authenticated users can exploit these weaknesses to gain unauthorized privileges through specific API requests, potentially leading to broader security risks within affected environments.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.