CVE Vulnerabilities

CVE-2014-0167

Published: Apr 15, 2014 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.

Affected Software

Name Vendor Start Version End Version
Compute Openstack 2013.1.1 2013.1.1
Compute Openstack 2013.1.2 2013.1.2
Compute Openstack 2013.1 2013.1
Compute Openstack 2013.2.2 2013.2.2
Compute Openstack 2013.2.3 2013.2.3
Icehouse Openstack - -
Compute Openstack 2013.2.1 2013.2.1
Compute Openstack 2013.2 2013.2
Compute Openstack 2013.1.3 2013.1.3

References