OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-09-16T19:00:00Z

Updated: 2024-08-06T15:27:41.073Z

Reserved: 2013-02-19T00:00:00Z

Link: CVE-2013-2256

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-09-16T19:14:38.037

Modified: 2024-11-21T01:51:20.493

Link: CVE-2013-2256

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-08-06T00:00:00Z

Links: CVE-2013-2256 - Bugzilla