CVE-2013-4497

OpenStack Compute (Nova) Folsom, Grizzly, Havana < 2013.2 - Security Group Bypass during Image Resize or Live Migration


Description

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

References (4)

Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/11/03/2
Issue Tracking (x_refsource_confirm): https://bugs.launchpad.net/nova/+bug/1202266
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/11/03/3
Issue Tracking (x_refsource_confirm): https://bugs.launchpad.net/nova/+bug/1073306

Scores

EPSS 0.0021
EPSS Percentile 43.2%

Details

CWE
CWE-264
Status published
Products (6)
openstack/folsom
openstack/grizzly
openstack/havana havana-1
openstack/havana havana-2
openstack/havana < havana-3
pypi/nova 0 - 12.0.0a0 (PyPI)
Published Nov 05, 2013
Tracked Since Feb 18, 2026