CVE-2014-2573
published 2014-03-25CVE-2014-2573: The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to…
low2.3CVSS 3.1
AVAACMAuSCNINAP
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nova | < nova 2014.1.3-1 (bookworm) | nova 2014.1.3-1 (bookworm) |
| debian | nova | < nova 2014.1-9 (bookworm) | nova 2014.1-9 (bookworm) |
| openstack | compute | — | — |
| openstack | compute | — | — |
| openstack | compute | — | — |
| openstack | nova | >= 0 < 2014.1-9 | 2014.1-9 |
| openstack | nova | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| openstack | nova | >= 0 < 2014.1-9 | 2014.1-9 |
| openstack | nova | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| openstack | nova | >= 0 < 2014.1-9 | 2014.1-9 |
| openstack | nova | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| openstack | nova | >= 0 < 2014.1-9 | 2014.1-9 |
| openstack | nova | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| openstack | nova | >= 0 < 2014.1.3 | 2014.1.3 |
| openstack | nova | >= 0 < 12.0.0a0 | 12.0.0a0 |
| openstack | nova | 2013.2 – 2013.2.4 | — |
| openstack | nova | >= 2014.1 < 2014.1.3 | 2014.1.3 |
CVSS provenance
nvd2.7LOWAV:A/AC:L/Au:S/C:N/I:N/A:P
ghsa2.3LOW
osv2.3LOW