
Debian Nova vulnerabilities

66 known vulnerabilities affecting debian/nova.

Total CVEs: 66
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 5, MEDIUM 36, LOW 24

Vulnerabilities

Page 2 of 4
CVE-2015-2687 | MEDIUM | CVSS 4.7 | fixed in nova 2014.1-1 (bookworm) | 2015
[MEDIUM] nova: OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for. Scope: local. bookworm: resolved (fixed in 2014.1-1); bullseye: resolved (fixed in 2014.1-1); forky: resolved (fixed in 2014.1-1); sid: resolved (fixed in 2014.1-1); trixie: resolved (fixed in 2014.1-1)
debian
CVE-2015-3280 | LOW | CVSS 6.8 | fixed in nova 1:12.0.0-2 (bookworm) | 2015
[MEDIUM] nova: OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. Scope: local. bookworm: resolved (fixed in 1:12.0.0-2); bullseye: resolved (fixed in 1:12.0.0-2)
debian
CVE-2015-7548 | LOW | CVSS 3.5 | fixed in nova 2:13.0.0~rc3-1 (bookworm) | 2015
[LOW] nova: OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. Scope: local. bookworm: resolved (fixed in 2:13.0.0~rc3-1); bullseye: resolved (f
debian
CVE-2015-9543 | LOW | CVSS 3.3 | fixed in nova 2:20.1.1-1 (bookworm) | 2015
[LOW] nova: An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websoc
debian
CVE-2014-8333 | MEDIUM | CVSS 4.0 | fixed in nova 2014.1.3-7 (bookworm) | 2014
[MEDIUM] nova: The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. Scope: local. bookworm: resolved (fixed in 2014.1.3-7); bullseye: resolved (fixed in 2014.1.3-7); forky: resolved (fixed in 2014.1.3-7); sid: resolved (fixed in 2014.1.3-7); trixie: resol
debian
CVE-2014-0167 | MEDIUM | CVSS 6.0 | fixed in nova 2013.2.3-1 (bookworm) | 2014
[MEDIUM] nova: The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API reque
debian
CVE-2014-3517 | MEDIUM | CVSS 4.3 | fixed in nova 2014.1.1-8 (bookworm) | 2014
[MEDIUM] nova: api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. Scope: local. bookworm: resolved (
debian
CVE-2014-3608 | LOW | CVSS 2.3 | fixed in nova 2014.1.3-1 (bookworm) | 2014
[LOW] nova: The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573. Sc
debian
CVE-2014-2573 | LOW | CVSS 2.3 | fixed in nova 2014.1-9 (bookworm) | 2014
[LOW] nova: The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image. Scope: local. bookworm: resolved (fixed in 2014.1-9); bullseye: resolved
debian
CVE-2014-0134 | LOW | CVSS 3.5 | fixed in nova 2013.2.2-4 (bookworm) | 2014
[LOW] nova: The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image. Scope: local. bookworm: resolved (fixed in 2013.2.2-4); bullseye: resolved (fi
debian
CVE-2014-3708 | LOW | CVSS 4.0 | fixed in nova 2014.1.3-6 (bookworm) | 2014
[MEDIUM] nova: OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. Scope: local. bookworm: resolved (fixed in 2014.1.3-6); bullseye: resolved (fixed in 2014.1.3-6); forky: resolved (fixed in 2014.1.3-6); sid: resolved (fixed in 2014.1.3
debian
CVE-2014-7230 | LOW | CVSS 2.1 | fixed in cinder 2014.1.3-4 (bookworm) | 2014
[LOW] cinder: The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. Scope: local. bookworm: resolved (fixed in 2014.1.3-4); bullseye: resolved (fixed in 2014.1.3-4); forky: resolved (fixed in 2014.1.3-4); s
debian
CVE-2014-8750 | LOW | CVSS 6.5 | 2014
[MEDIUM] nova: Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2013-1068 | MEDIUM | CVSS 5.0 | fixed in cinder 2014.1.1-3 (bookworm) | 2013
[MEDIUM] cinder: The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to
debian
CVE-2013-4179 | MEDIUM | CVSS 5.0 | fixed in nova 2013.1.3-1 (bookworm) | 2013
[MEDIUM] nova: The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664. Scope: local. bookworm: resolved (fixed in 2013.1.3-1); bullseye: reso
debian
CVE-2013-1664 | MEDIUM | CVSS 5.0 | fixed in cinder 2012.2.3-1 (bookworm) | 2013
[MEDIUM] cinder: The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. Scope: local. bookworm: resolved (fixe
debian
CVE-2013-6491 | MEDIUM | CVSS 4.3 | fixed in nova 2013.2.3-1 (bookworm) | 2013
[MEDIUM] nova: The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. Scope: local. bookworm: resolved (fixed in 2013.2.3-1); bullseye: resolved (fixed in 2013.2.3-1); forky: resolved (fixed in 2013.2.3-1); sid
debian
CVE-2013-0335 | MEDIUM | CVSS 6.0 | fixed in nova 2012.1.1-14 (bookworm) | 2013
[MEDIUM] nova: OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port. Scope: local. bookworm: resolved (fixed in 2012.1.1-14); bullseye: resolved (fixed in 2012.1.1-14); forky: resolved (fixed in 2012.1.1-14)
debian
CVE-2013-6437 | MEDIUM | CVSS 4.0 | fixed in nova 2013.2.2 (bookworm) | 2013
[MEDIUM] nova: The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file. Scope: local. bookworm: resolved (fixed in 2013.2.2); bullseye: re
debian
CVE-2013-0208 | MEDIUM | CVSS 6.5 | fixed in nova 2012.1.1-12 (bookworm) | 2013
[MEDIUM] nova: The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter. Scope: local. bookworm: resolved (fixed in 2012.1.1-12); bullseye: resolved (fixed in 2012.1.1-12); forky: resolved (fixed in 2012.1.1-12); sid: resolve
debian