CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3517 – openstack-nova: timing attack issue allows access to other instances' configuration information
https://notcve.org/view.php?id=CVE-2014-3517
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. api/metadata/handler.py en OpenStack Compute (Nova) anterior a 2013.2.4, 2014.x anterior a 2014.1.2 y Juno anterior a Juno-2, cuando redirige las solicitudes de metadatos a través de Neutron, facilita a atacantes remotos adivinar las firmas de ID de instancia a través de un ataque de fuerza bruta que se basa en las diferencias de tiempo en las respuestas a las solicitudes de metadatos de la instancia. A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that proxy metadata requests via Neutron. • http://www.openwall.com/lists/oss-security/2014/07/17/2 https://bugs.launchpad.net/nova/+bug/1325128 https://access.redhat.com/security/cve/CVE-2014-3517 https://bugzilla.redhat.com/show_bug.cgi?id=1112499 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6437 – openstack-nova: DoS through ephemeral disk backing files
https://notcve.org/view.php?id=CVE-2013-6437
The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file. El controlador libvirt en OpenStack Compute (Nova) anterior a 2013.2.2 y icehouse anterior a icehouse-2 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco) mediante creación y eliminación de instancias con configuraciones os_type únicas, lo que provoca la creación de un archivo de respaldo de disco efímero nuevo. • http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html http://rhn.redhat.com/errata/RHSA-2014-0231.html https://bugs.launchpad.net/nova/+bug/1253980 https://access.redhat.com/security/cve/CVE-2013-6437 https://bugzilla.redhat.com/show_bug.cgi?id=1043106 • CWE-399: Resource Management Errors •
CVSS: 3.5EPSS: 1%CPEs: 3EXPL: 0CVE-2012-2101
https://notcve.org/view.php?id=CVE-2012-2101
Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. Openstack Compute (Nova) Folsom v2012.1 y v2011.3 no limitan el número de reglas de seguridad del grupo, lo que permite causar una denegación de servicio (excesivo consumo de CPU y de disco duro) a usuarios remotos autenticados con determinados permisos a través de una solicitud de red que provoca una gran número de reglas de iptables. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html http://secunia.com/advisories/49034 http://secunia.com/advisories/49048 http://ubuntu.com/usn/usn-1438-1 http://www.osvdb.org/81641 https://bugs.launchpad.net/nova/+bug/969545 https://exchange.xforce.ibmcloud.com/vulnerabilities/75243 https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7 https://github.com/opens • CWE-264: Permissions, Privileges, and Access Controls •