CVE-2013-4497

high

Description

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

References

https://bugs.launchpad.net/nova/+bug/1202266

https://bugs.launchpad.net/nova/+bug/1073306

http://www.openwall.com/lists/oss-security/2013/11/03/3

http://www.openwall.com/lists/oss-security/2013/11/03/2

Details

Source: Mitre, NVD

Published: 2013-11-05

Updated: 2013-11-07

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

Detections

Analytics