CVE-2014-2573

OpenStack Compute (Nova) 2013.2-2013.2.2 - Authenticated Denial of Service via VM Rescue Status Bypass

Title source: llm
STIX 2.1

Description

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/03/21/2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57498
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/nova/+bug/1269418
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/03/21/1

Scores

EPSS 0.0011
EPSS Percentile 28.1%

Details

CWE
CWE-264
Status published
Products (4)
openstack/compute 2013.2
openstack/compute 2013.2.1
openstack/compute 2013.2.2
pypi/nova 0 - 12.0.0a0PyPI
Published Mar 25, 2014
Tracked Since Feb 18, 2026