The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-09-16T19:00:00Z

Updated: 2024-08-06T16:38:01.982Z

Reserved: 2013-06-12T00:00:00Z

Link: CVE-2013-4278

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-09-16T19:14:39.287

Modified: 2024-11-21T01:55:15.903

Link: CVE-2013-4278

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-08-20T00:00:00Z

Links: CVE-2013-4278 - Bugzilla