Published: 13/02/2013 Updated: 29/08/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack essex -
openstack folsom -
canonical ubuntu linux 12.04
canonical ubuntu linux 11.10
canonical ubuntu linux 12.10

Synopsis Important: openstack-nova security and bug fix update Type/Severity Security Advisory: Important Topic Updated openstack-nova packages that fix two security issues and multiplebugs are now available for Red Hat OpenStack FolsomThe Red Hat Security Response Team has rated this update as havingimpor ...

Nova volume could be made to expose volumes from other users ...

CWE-264 https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad http://www.ubuntu.com/usn/USN-1709-1 https://bugs.launchpad.net/nova/+bug/1069904 http://secunia.com/advisories/51992 https://bugzilla.redhat.com/show_bug.cgi?id=902629 http://secunia.com/advisories/51963 http://www.securityfocus.com/bid/57613 https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b http://rhn.redhat.com/errata/RHSA-2013-0208.html http://osvdb.org/89661 http://www.openwall.com/lists/oss-security/2013/01/29/9 https://exchange.xforce.ibmcloud.com/vulnerabilities/81697 https://access.redhat.com/errata/RHSA-2013:0208 https://usn.ubuntu.com/1709-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-0208

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect