MEDIUM

GHSA-27q4-38qf-m25h

OpenStack Compute Nova Improper Access Control

Details

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / nova

Introduced in: 0 Fixed in: 12.0.0a0

Fix pip install --upgrade 'nova>=12.0.0a0'

References

https://nvd.nist.gov/vuln/detail/CVE-2013-4497 [ADVISORY]
https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e [WEB]
https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7 [WEB]
https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80 [WEB]
https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b [WEB]
https://bugs.launchpad.net/nova/+bug/1073306 [WEB]
https://bugs.launchpad.net/nova/+bug/1202266 [WEB]
https://github.com/openstack/nova [PACKAGE]
http://www.openwall.com/lists/oss-security/2013/11/03/2 [WEB]
http://www.openwall.com/lists/oss-security/2013/11/03/3 [WEB]