Vulnerability in Openstack Compute

CVE-2014-0167

The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified metho…

EPSS: 0.004 (60.0th percentile) — read the EPSS interpretation.

Affected products

Openstack Compute — versions 2013.1, 2013.1.1, 2013.1.2
Openstack Icehouse
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

[oss-security] 20140409 [OSSA 2014-011] RBAC policy not properly enforced in Nova EC2 API (CVE-2014-0167) (mailing-list, x_refsource_MLIST, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
USN-2247-1 (x_refsource_UBUNTU, vendor-advisory)