OpenStack Compute Nova API Security Group Vulnerability in 2013.1 and Icehouse
CVE-2014-0167

Currently unrated

Key Information:

Vendor

Openstack
Status
Compute
Icehouse
Vendor
CVE Published:
15 April 2014

What is CVE-2014-0167?

The Nova EC2 API within OpenStack Compute does not adequately implement role-based access control (RBAC) policies for several critical operations, such as adding or removing rules and destruction of resources. This lack of enforcement means that remote authenticated users can exploit these weaknesses to gain unauthorized privileges through specific API requests, potentially leading to broader security risks within affected environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2014/04/09/26
mailing-listx_refsource_MLIST
https://launchpad.net/bugs/1290537
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2247-1
vendor-advisoryx_refsource_UBUNTU

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.