The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 prior to 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openstack compute 2013.1.1 |
||
openstack compute 2013.1.2 |
||
openstack compute 2013.1 |
||
openstack compute 2013.2.2 |
||
openstack compute 2013.2.3 |
||
openstack icehouse - |
||
openstack compute 2013.2.1 |
||
openstack compute 2013.2 |
||
openstack compute 2013.1.3 |