CVE-2013-2256
Published: 6 August 2013
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
Priority
Notes
Author | Note |
---|---|
seth-arnold | See also CVE-2013-4278 when patching 12.10 and 13.04 |
jdstrand | Ubuntu 13.04 has fix in raring-updates flavor_access.py API extension not available on Essex (Ubuntu 12.04 LTS) |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2256
- https://ubuntu.com/security/notices/USN-2000-1
- NVD
- Launchpad
- Debian