6

CVE-2013-2256

Exploit
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenstackNova Version >= 2013.1 < 2013.1.3
OpenstackNova Version2013.2 Updatemilestone1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.83% 0.76
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://rhn.redhat.com/errata/RHSA-2013-1199.html
Third Party Advisory
http://seclists.org/oss-sec/2013/q3/281
Patch
Third Party Advisory
Mailing List
https://bugs.launchpad.net/nova/+bug/1194093
Third Party Advisory
Exploit