CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3241 – openstack-nova: Nova instance migration process does not stop when instance is deleted
https://notcve.org/view.php?id=CVE-2015-3241
OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance. Vulnerabilidad en OpenStack Compute (nova) 2015.1 hasta la versión 2015.1.1, 2014.2.3 y anteriores, no detiene el proceso de migración cuando se borra la instancia, lo que permite a usuarios remotos autenticados causar una denegación de servicio (disco, red y otros consumos de memoria) modificando el tamaño y borrándo entonces la instancia. A denial of service flaw was found in the OpenStack Compute (nova) instance migration process. Because the migration process does not terminate when an instance is deleted, an authenticated user could bypass user quota and deplete all available disk space by repeatedly re-sizing and deleting an instance. • http://rhn.redhat.com/errata/RHSA-2015-1723.html http://rhn.redhat.com/errata/RHSA-2015-1898.html http://www.securityfocus.com/bid/75372 https://github.com/openstack/ossa/blob/482576204dec96f580817b119e3166d71c757731/ossa/OSSA-2015-015.yaml https://launchpad.net/bugs/1387543 https://security.openstack.org/ossa/OSSA-2015-015.html https://access.redhat.com/security/cve/CVE-2015-3241 https://bugzilla.redhat.com/show_bug.cgi?id=1232782 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.1EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0259 – openstack-nova: console Cross-Site WebSocket hijacking
https://notcve.org/view.php?id=CVE-2015-0259
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage. OpenStack Compute (Nova) anterior a 2014.1.4, 2014.2.x anterior a 2014.2.3, y kilo anterior a kilo-3 no valida el origen de las solicitudes websocket, lo que permite a atacantes remotos secuestrar la autenticación de usuarios para el acceso a consolas a través de una página web manipulada. It was discovered that the OpenStack Compute (nova) console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw. • http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html http://rhn.redhat.com/errata/RHSA-2015-0790.html http://rhn.redhat.com/errata/RHSA-2015-0843.html http://rhn.redhat.com/errata/RHSA-2015-0844.html https://bugs.launchpad.net/nova/+bug/1409142 https://access.redhat.com/security/cve/CVE-2015-0259 https://bugzilla.redhat.com/show_bug.cgi?id=1190112 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 1CVE-2014-3708 – openstack-nova: Nova network denial of service through API filtering
https://notcve.org/view.php?id=CVE-2014-3708
OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. OpenStack Compute (Nova) anterior a 2014.1.4 y 2014.2.x anterior a 2014.2.1 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de CPU) a través de un filtro IP en una solicitud API para listar servidores activos. A denial of service flaw was found in the way OpenStack Compute (nova) looked up VM instances based on an IP address filter. An attacker with sufficient privileges on an OpenStack installation with a large amount of VMs could use this flaw to cause the main nova process to block for an extended amount of time. • http://lists.openstack.org/pipermail/openstack-announce/2014-October/000301.html http://rhn.redhat.com/errata/RHSA-2015-0843.html http://rhn.redhat.com/errata/RHSA-2015-0844.html http://www.securityfocus.com/bid/70777 https://bugs.launchpad.net/nova/+bug/1358583 https://access.redhat.com/security/cve/CVE-2014-3708 https://bugzilla.redhat.com/show_bug.cgi?id=1154951 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8750 – openstack-nova: Nova VMware driver may connect VNC to another tenant's console
https://notcve.org/view.php?id=CVE-2014-8750
Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances. Condición de carrera en el driver de VMware en OpenStack Compute (Nova) anterior a 2014.1.4 y 2014.2 anterior a 2014.2rc1, permite a usuarios remotos autenticados acceder a consolas no intencionadas, mediante una instancia que desencadena que el mismo puerto VNC sea asignado a dos instancias diferentes. A race condition flaw was found in the way the nova VMware driver handled VNC port allocation. An authenticated user could use this flaw to gain unauthorized console access to instances belonging to other tenants by repeatedly spawning new instances. Note that only nova setups using the VMware driver and the VNC proxy service were affected. • http://lists.openstack.org/pipermail/openstack-announce/2014-October/000293.html http://rhn.redhat.com/errata/RHSA-2014-1689.html http://rhn.redhat.com/errata/RHSA-2014-1781.html http://rhn.redhat.com/errata/RHSA-2014-1782.html http://secunia.com/advisories/60227 http://www.openwall.com/lists/oss-security/2014/10/14/9 http://www.securityfocus.com/bid/70182 https://bugs.launchpad.net/nova/+bug/1357372 https://access.redhat.com/security/cve/CVE-2014-8750 https:/&#x • CWE-285: Improper Authorization CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3517 – openstack-nova: timing attack issue allows access to other instances' configuration information
https://notcve.org/view.php?id=CVE-2014-3517
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. api/metadata/handler.py en OpenStack Compute (Nova) anterior a 2013.2.4, 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2, cuando redirige las solicitudes de metadatos a través de Neutron, facilita a atacantes remotos adivinar las firmas de ID de instancia a través de un ataque de fuerza bruta que se basa en las diferencias de tiempo en las respuestas a las solicitudes de metadatos de la instancia. A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that proxy metadata requests via Neutron. • http://www.openwall.com/lists/oss-security/2014/07/17/2 https://bugs.launchpad.net/nova/+bug/1325128 https://access.redhat.com/security/cve/CVE-2014-3517 https://bugzilla.redhat.com/show_bug.cgi?id=1112499 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •