CVE-2013-4497

Openstack Havana < havana-3 - Access Control

Title source: rule

Description

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

References (4)

[Issue Tracking] https://bugs.launchpad.net/nova/+bug/1073306

[Issue Tracking] https://bugs.launchpad.net/nova/+bug/1202266

[Mailing List] http://www.openwall.com/lists/oss-security/2013/11/03/2

[Mailing List] http://www.openwall.com/lists/oss-security/2013/11/03/3

Scores

EPSS 0.0008

EPSS Percentile 23.7%

Classification

CWE

CWE-264

Status draft

Affected Products (6)

openstack/havana < havana-3

openstack/havana

openstack/grizzly

openstack/folsom

pypi/nova < 12.0.0a0PyPI

Timeline

Published Nov 05, 2013

Tracked Since Feb 18, 2026