CVE-2013-4497: OpenStack Compute Nova Improper Access Control
(updated )
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
References
- bugs.launchpad.net/nova/+bug/1073306
- bugs.launchpad.net/nova/+bug/1202266
- github.com/advisories/GHSA-27q4-38qf-m25h
- github.com/openstack/nova
- github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e
- github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
- github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
- github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b
- nvd.nist.gov/vuln/detail/CVE-2013-4497
Code Behaviors & Features
Detect and mitigate CVE-2013-4497 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →