Race Condition Vulnerability in OpenStack's VMware Driver
CVE-2014-8750

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
15 October 2014

Summary

A race condition in the VMware driver of OpenStack Compute (Nova) prior to versions 2014.1.4 and 2014.2 before 2014.2rc1 permits remote authenticated users to access unintended VNC consoles. This is achieved by spawning instances that align VNC port allocations, allowing for potential cross-tenant visibility and control over consoles. Administrators are advised to upgrade to the latest versions to mitigate these risks.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.