CVE-2013-0167 — Missing Authorization in Redhat Enterprise Virtualization

CWE-862 — Missing Authorization11 documents6 sources

Severity

2.7LOWNVD

EPSS

0.1%

top 73.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Virtualization

Timeline

PublishedAug 19

Latest updateMay 17

Description

VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via guestInfo dictionaries with "unexpected fields."

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 5.1 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/enterprise_virtualization3.0, 3.2+1

🔴Vulnerability Details

GHSA

OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests↗2022-05-17

▶

GHSA

GHSA-p535-jw3f-q6gj: VDSM in Red Hat Enterprise Virtualization 3 and 3↗2022-05-05

▶

CVEList

CVE-2013-0167: VDSM in Red Hat Enterprise Virtualization 3 and 3↗2013-08-19

▶

📋Vendor Advisories

Red Hat

openstack-nova: RBAC policy not properly enforced in Nova EC2 API↗2014-04-09

▶

Red Hat

vdsm: incomplete fix for CVE-2013-0167 issue↗2013-07-16

▶

Red Hat

vdsm: unfiltered guestInfo dictionary DoS↗2013-06-10

▶

💬Community

Bugzilla

CVE-2014-0167 openstack-nova: RBAC policy not properly enforced in Nova EC2 API↗2014-04-07

▶

Bugzilla

CVE-2013-4236 vdsm: incomplete fix for CVE-2013-0167 issue↗2013-08-12

▶

Bugzilla

CVE-2013-0167 vdsm: unfiltered guestInfo dictionary DoS [fedora-all]↗2013-06-10

▶

Bugzilla

CVE-2013-0167 vdsm: unfiltered guestInfo dictionary DoS↗2013-01-09

▶