CVE-2014-3608
published 2014-10-06CVE-2014-3608: The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service…
low2.7CVSS 3.1
AVAACLAuSCNINAP
The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nova | < nova 2014.1.3-1 (bookworm) | nova 2014.1.3-1 (bookworm) |
| openstack | nova | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| openstack | nova | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| openstack | nova | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| openstack | nova | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| openstack | nova | >= 0 < 2014.1.3 | 2014.1.3 |
| openstack | nova | >= 0 < 1:2014.1.3-0ubuntu1.1 | 1:2014.1.3-0ubuntu1.1 |
| openstack | nova | 2013.2 – 2013.2.4 | — |
| openstack | nova | >= 2014.1 < 2014.1.3 | 2014.1.3 |
CVSS provenance
nvd2.7LOWAV:A/AC:L/Au:S/C:N/I:N/A:P
ghsa2.3LOW
osv2.7LOW