CVE-2013-4497
published 2013-11-05CVE-2013-4497: The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or…
medium6.4CVSS 3.1
AVNACLAuNCPIPAN
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nova | < nova 2013.2-1 (bookworm) | nova 2013.2-1 (bookworm) |
| openstack | havana | <= havana-3 | — |
| openstack | havana | — | — |
| openstack | havana | — | — |
| openstack | nova | >= 0 < 2013.2-1 | 2013.2-1 |
| openstack | nova | >= 0 < 2013.2-1 | 2013.2-1 |
| openstack | nova | >= 0 < 2013.2-1 | 2013.2-1 |
| openstack | nova | >= 0 < 2013.2-1 | 2013.2-1 |
| openstack | nova | >= 0 < 12.0.0a0 | 12.0.0a0 |
CVSS provenance
nvd6.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
osv6.4MEDIUM