CVE-2014-0167
OpenStack Compute <2013.2.4-icehouse-rc2 - Privilege Escalation
Title source: llmDescription
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.
References (3)
Core 3
Core References
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/04/09/26
Vendor Advisory x_refsource_confirm
https://launchpad.net/bugs/1290537
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2247-1
Scores
EPSS
0.0038
EPSS Percentile
59.8%
Details
CWE
CWE-264
Status
published
Products (10)
openstack/compute
2013.1
openstack/compute
2013.1.1
openstack/compute
2013.1.2
openstack/compute
2013.1.3
openstack/compute
2013.2
openstack/compute
2013.2.1
openstack/compute
2013.2.2
openstack/compute
2013.2.3
openstack/icehouse
pypi/nova
2013.1.0 - 2013.2.4PyPI
Published
Apr 15, 2014
Tracked Since
Feb 18, 2026