Vulnerability Description
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Havana | <= havana-3 |
| Openstack | Grizzly | - |
| Openstack | Folsom | - |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2013/11/03/2
- http://www.openwall.com/lists/oss-security/2013/11/03/3
- https://bugs.launchpad.net/nova/+bug/1073306
- https://bugs.launchpad.net/nova/+bug/1202266
- http://www.openwall.com/lists/oss-security/2013/11/03/2
- http://www.openwall.com/lists/oss-security/2013/11/03/3
- https://bugs.launchpad.net/nova/+bug/1073306
- https://bugs.launchpad.net/nova/+bug/1202266
FAQ
What is CVE-2013-4497?
CVE-2013-4497 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows r...
How severe is CVE-2013-4497?
CVE-2013-4497 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4497?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Havana, Openstack Grizzly, Openstack Folsom.