Vulnerability in Openstack Compute

CVE-2013-4278

The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavo…

EPSS: 0.002 (42.2th percentile) — read the EPSS interpretation.

Affected products

Openstack Compute
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

secalert@redhat.com (x_refsource_CONFIRM)
[openstack-announce] 20130828 [OSSA 2013-024] Resource limit circumvention in Nova private flavors (CVE-2013-4278) (mailing-list, x_refsource_MLIST, Patch)
RHSA-2013:1199 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)