NVD

Id
38340  
Name
CVE-2013-2256  
Description
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.  
Reject
 
CVSS Version
2  
CVSS Score
6  
Severity
Medium  
CVSS Base Score
6  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2013-09-16  
Modified Date
2013-09-25  
Seq
2013-2256  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
196081 38340 CVE-2013-2256 RHSA-2013:1199  View
196082 38340 CVE-2013-2256 [oss-security] 20130806 [OSSA 2013-019] Resource limit circumvention in Nova private flavors (CVE-2013-2256)  View
196083 38340 CVE-2013-2256 https://bugs.launchpad.net/nova/+bug/1194093  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
22591 JVNDB-2013-004166 OpenStack Compute および Havana における重要な情報を取得される脆弱性 OpenStack Compute および Havana は、os-flavor-access:is_public プロパティを適切に処理しないため、重要な情報 (flavor プロパティ) を取得される、任意のフレーバーをブートされるなど、不特定の影響を受ける脆弱性が存在します。 CVE-2013-2256 62198 CVE-2013-2256 38340 6 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-004166.html 2013-07-05 2013-09-19 View