OpenStack Compute (Nova) Vulnerability: Unauthorized Access to Flavor Properties and Arbitrary Flavor Booting

OpenStack Compute (Nova) Vulnerability: Unauthorized Access to Flavor Properties and Arbitrary Flavor Booting

CVE-2013-2256 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.

Learn more about our User Device Pen Test.