CVE-2013-4497
Published Nov 5, 2013
Last updated 11 years ago
Overview
- Description: The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
- Source: secalert@redhat.com
- NVD status: Analyzed
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 6.4
- Impact score: 4.9
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:openstack:havana:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D92E64B-9490-4A19-8EE2-98B46E5C3A32", "versionEndIncluding": "havana-3" },
          { "criteria": "cpe:2.3:a:openstack:havana:havana-1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45762277-1BC6-4552-B5AB-756AE8D9F543" },
          { "criteria": "cpe:2.3:a:openstack:havana:havana-2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "588B9906-F0A0-4109-94D9-11481135ED06" }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A83ED744-9E3D-4510-B3E6-6DDE1090F0B7" }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5BA13BC-F088-45AA-AD10-B74F89CE5375" }
        ],
        "operator": "OR"
      }
    ]
  }
]