CVE-2014-8750

CWE-362 โ€” Race ConditionCWE-367CWE-2856 documents6 sources
Severity
6.5MEDIUM
EPSS
0.9%
top 23.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Nova
Timeline
PublishedOct 15
Latest updateMay 14

Description

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

โ–ถNVDopenstack/nova2014.1 โ€” 2014.1.4+1

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-2pcw-fgm2-4xh2: Race condition in the VMware driver in OpenStack Compute (Nova) before 2014โ†—2022-05-14
โ–ถ
CVEList
CVE-2014-8750: Race condition in the VMware driver in OpenStack Compute (Nova) before 2014โ†—2014-10-15
โ–ถ

๐Ÿ“‹Vendor Advisories

2
Red Hat
openstack-nova: Nova VMware driver may connect VNC to another tenant's consoleโ†—2014-08-15
โ–ถ
Debian
CVE-2014-8750: nova - Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 ...โ†—2014
โ–ถ

๐Ÿ’ฌCommunity

1
Bugzilla
CVE-2014-8750 openstack-nova: Nova VMware driver may connect VNC to another tenant's consoleโ†—2014-10-14
โ–ถ
CVE-2014-8750 (MEDIUM CVSS 6.5) | Race condition in the VMware driver | cvebase.io