Vulnerability in Openstack Nova

CVE-2014-8333

The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.

EPSS: 0.007 (73.2th percentile) — read the EPSS interpretation.

Affected products

Openstack Nova
Redhat Enterprise_linux — versions 6.0, 7.0
Redhat Openstack — versions 5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-399

References

60531 (Permissions Required, x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
RHSA-2015:0844 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
[openstack-announce] 20141021 [OSSA 2014-037] Nova VMware instance in resize state may leak (CVE-2014-8333) (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
RHSA-2015:0843 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)