CVE-2013-4497 Nova vulnerability

CWE-264 | 9 documents | 7 sources
Severity: 6.4 MEDIUM (NVD)
EPSS: 0.1% (top 76.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 5 | Latest update May 17

Description

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:N
Exploitability: 10.0 | Impact: 4.9

Affected Packages (3 packages)

PyPI: openstack/nova < 12.0.0a0
Debian: openstack/nova < 2013.2-1+3
NVD: openstack/havana havana-3+2

Vulnerability Details (4)

GHSA: OpenStack Compute Nova Improper Access Control (2022-05-17)
OSV: OpenStack Compute Nova Improper Access Control (2022-05-17)
OSV: CVE-2013-4497: The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013 (2013-11-05)
CVEList: CVE-2013-4497: The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013 (2013-11-05)

Vendor Advisories (2)

Debian: CVE-2013-4497: nova - The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana befor... (2013)
Red Hat: openstack-nova: XenAPI security groups not kept through migrate or resize (2012-10-30)

Community (2)

Bugzilla: CVE-2013-4497 openstack-nova: XenAPI security groups not kept through migrate or resize [fedora-all] (2013-11-04)
Bugzilla: CVE-2013-4497 openstack-nova: XenAPI security groups not kept through migrate or resize (2013-11-04)