CVE-2013-0335
OpenStack Compute (Nova) Essex, Folsom, and Grizzly - Authenticated VM Access via VNC Token Reuse
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
References (10)
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/90657
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/52728
Issue Tracking (x_refsource_confirm): https://bugs.launchpad.net/nova/+bug/1125378
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/02/26/7
Various Sources (x_refsource_confirm): https://review.openstack.org/#/c/22872/
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-1771-1
Various Sources (x_refsource_confirm): https://review.openstack.org/#/c/22758
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2013-0709.html
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/52337
Various Sources (x_refsource_confirm): https://review.openstack.org/#/c/22086/
Scores
EPSS: 0.0104
EPSS Percentile: 77.6%
Details
CWE: CWE-264
Status: published
Products (7)
canonical/ubuntu_linux: 11.10
canonical/ubuntu_linux: 12.04
canonical/ubuntu_linux: 12.10
openstack/essex: 2012.1
openstack/folsom: 2012.2
openstack/grizzly: 2012.2
pypi/Nova: 0 - 12.0.0a0 (PyPI)
Published: Mar 22, 2013
Tracked Since: Feb 18, 2026