CVE-2012-2654Improper Input Validation in Nova

CWE-20Improper Input Validation11 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
1.2%
top 21.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Openstack NovaOpenstack ComputeOpenstack Diablo+1 more
Timeline
PublishedJun 21
Latest updateMay 17

Description

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

PyPIopenstack/nova< 12.0.0a0
Debianopenstack/nova< 2012.1-6+3
NVDopenstack/essex2012.1
NVDopenstack/diablo2011.3
NVDopenstack/compute2012.2

Patches

Patch: bugs.launchpad.netPatch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
OpenStack Compute (Nova) Improper Input Validation2022-05-17
GHSA
OpenStack Compute (Nova) Improper Input Validation2022-05-17
OSV
CVE-2012-2654: The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (20122012-06-21
CVEList
CVE-2012-2654: The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (20122012-06-21

📋Vendor Advisories

2
Ubuntu
Nova vulnerability2012-06-06
Debian
CVE-2012-2654: nova - The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (...2012

💬Community

4
Bugzilla
CVE-2012-2654 OpenStack Nova security groups fail to be set correctly [fedora-17]2012-06-06
Bugzilla
CVE-2012-2654 OpenStack Nova security groups fail to be set correctly [fedora-16]2012-06-06
Bugzilla
CVE-2012-2654 OpenStack Nova security groups fail to be set correctly [epel-6]2012-06-06
Bugzilla
CVE-2012-2654 OpenStack Nova security groups fail to be set correctly2012-05-28
CVE-2012-2654 — Improper Input Validation in Nova | cvebase