CVE-2013-2256
Severity
6.0MEDIUM
EPSS
0.5%
top 35.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 16
Latest updateMay 17
Description
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
CVSS vector
AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4
Affected Packages3 packages
Patches
🔴Vulnerability Details
5📋Vendor Advisories
4💬Community
6Bugzilla▶
CVE-2013-4278 OpenStack: Nova private flavors resource limit circumvention incomplete fix for CVE-2013-2256↗2013-08-22
Bugzilla▶
CVE-2013-4278 openstack-nova: OpenStack: Nova private flavors resource limit circumvention incomplete fix for CVE-2013-2256 [epel-6]↗2013-08-22
Bugzilla▶
CVE-2013-4278 openstack-nova: OpenStack: Nova private flavors resource limit circumvention incomplete fix for CVE-2013-2256 [fedora-all]↗2013-08-22
Bugzilla▶
CVE-2013-2256 openstack-nova: OpenStack: Nova private flavors resource limit circumvention [fedora-all]↗2013-08-08
Bugzilla▶
CVE-2013-2256 openstack-nova: OpenStack: Nova private flavors resource limit circumvention [epel-6]↗2013-08-08