CVE-2013-2256

OpenStack Nova < 2013.1.3 - Authenticated Information Disclosure via Flavor ID Guessing

Title source: llm
STIX 2.1

Description

OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.

References (3)

Core 3
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1199.html
Exploit, Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/nova/+bug/1194093
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q3/281

Scores

EPSS 0.0047
EPSS Percentile 64.9%

Details

CWE
CWE-264
Status published
Products (3)
openstack/nova 2013.2 milestone1
openstack/nova 2013.1 - 2013.1.3
pypi/nova 0 - 2013.1.3PyPI
Published Sep 16, 2013
Tracked Since Feb 18, 2026