CVE-2013-2256
published 2013-09-16CVE-2013-2256: OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote…
medium6CVSS 3.1
AVNACMAuSCPIPAP
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nova | < nova 2013.1.2-3 (bookworm) | nova 2013.1.2-3 (bookworm) |
| debian | nova | < nova 2013.1.3-1 (bookworm) | nova 2013.1.3-1 (bookworm) |
| openstack | nova | — | — |
| openstack | nova | >= 0 < 2013.1.2-3 | 2013.1.2-3 |
| openstack | nova | >= 0 < 2013.1.3-1 | 2013.1.3-1 |
| openstack | nova | >= 0 < 2013.1.2-3 | 2013.1.2-3 |
| openstack | nova | >= 0 < 2013.1.3-1 | 2013.1.3-1 |
| openstack | nova | >= 0 < 2013.1.2-3 | 2013.1.2-3 |
| openstack | nova | >= 0 < 2013.1.3-1 | 2013.1.3-1 |
| openstack | nova | >= 0 < 2013.1.2-3 | 2013.1.2-3 |
| openstack | nova | >= 0 < 2013.1.3-1 | 2013.1.3-1 |
| openstack | nova | >= 0 < 2013.1.3 | 2013.1.3 |
| openstack | nova | >= 0 < 12.0.0a0 | 12.0.0a0 |
| openstack | nova | >= 2013.1 < 2013.1.3 | 2013.1.3 |
CVSS provenance
nvd6.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
ghsa6.0MEDIUM
osv6.0MEDIUM