Vulnerability in Openstack Compute

CVE-2014-2573

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by r…

EPSS: 0.001 (28.3th percentile) — read the EPSS interpretation.

Affected products

Openstack Compute — versions 2013.2, 2013.2.1, 2013.2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

[oss-security] 20140321 Re: CVE request for vulnerability in OpenStack Nova (mailing-list, x_refsource_MLIST)
57498 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
[oss-security] 20140321 CVE request for vulnerability in OpenStack Nova (mailing-list, x_refsource_MLIST)