CVE-2013-6419 – Nova: Metadata queries from Neutron to Nova are not restricted by tenant
https://notcve.org/view.php?id=CVE-2013-6419
07 Jan 2014 — Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron. • http://rhn.redhat.com/errata/RHSA-2014-0091.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-2030
https://notcve.org/view.php?id=CVE-2013-2030
27 Dec 2013 — keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-4497 – openstack-nova: XenAPI security groups not kept through migrate or resize
https://notcve.org/view.php?id=CVE-2013-4497
05 Nov 2013 — The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. • http://www.openwall.com/lists/oss-security/2013/11/03/2 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-4179 – OpenStack: Nova XML entities DoS
https://notcve.org/view.php?id=CVE-2013-4179
04 Sep 2013 — The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664. • http://rhn.redhat.com/errata/RHSA-2013-1199.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')