CVE-2014-8750

OpenStack Compute (Nova) <2014.1.4, <2014.2-2014.2rc1 - Privilege E...

Title source: llm

Description

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.

References (8)

[Vendor Advisory] http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-1689.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-1781.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-1782.html

[Third Party Advisory] http://secunia.com/advisories/60227

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2014/10/14/9

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/70182

[Third Party Advisory] https://bugs.launchpad.net/nova/+bug/1357372

Scores

EPSS 0.0093

EPSS Percentile 75.8%

Classification

CWE

CWE-362

Status draft

Affected Products (4)

openstack/nova < 2014.1.4

openstack/nova

openstack/nova

openstack/nova

Timeline

Published Oct 15, 2014

Tracked Since Feb 18, 2026