CVE-2013-0335

Published: 26 February 2013

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

Priority

Low

Notes

AuthorNote
jdstrand
on 11.10, VNC consoles are only available via the web interface,
but the web interface (horizon) is not functional since it depends on
keystone and the keystone in 11.10 is a pre-release version and unusable with
other components like horizon and nova.

References

Bugs