Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qdjM0LXh2anEtcHBjaM4AAeqY
OpenStack Nova VMWare driver leaks rescued images
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
Permalink: https://github.com/advisories/GHSA-jv34-xvjq-ppch
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qdjM0LXh2anEtcHBjaM4AAeqY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 2 years ago
Updated: 5 months ago
Identifiers: GHSA-jv34-xvjq-ppch, CVE-2014-2573
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-2573
- https://bugs.launchpad.net/nova/+bug/1269418
- http://secunia.com/advisories/57498
- http://www.openwall.com/lists/oss-security/2014/03/21/1
- http://www.openwall.com/lists/oss-security/2014/03/21/2
- https://github.com/openstack/nova/commit/b3cc3f62a60662e5bb82136c0cfa464592a6afe9
- https://github.com/openstack/nova/commit/efb66531bc37ee416778a70d46c657608ca767af
- https://github.com/advisories/GHSA-jv34-xvjq-ppch
Blast Radius: 0.0
Affected Packages
pypi:nova
Dependent packages: 0
Dependent repositories: 40
Downloads: 7,869 last month
Affected Version Ranges: < 12.0.0a0
Fixed in: 12.0.0a0
All affected versions:
All unaffected versions: 15.1.5, 16.1.6, 16.1.7, 16.1.8, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 17.0.12, 17.0.13, 18.0.2, 18.0.3, 18.1.0, 18.2.0, 18.2.1, 18.2.2, 18.2.3, 18.3.0, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.2.0, 19.3.0, 19.3.1, 19.3.2, 20.0.0, 20.0.1, 20.1.0, 20.1.1, 20.2.0, 20.3.0, 20.4.0, 20.4.1, 20.5.0, 20.6.0, 20.6.1, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 21.2.0, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 22.0.0, 22.0.1, 22.1.0, 22.2.0, 22.2.1, 22.2.2, 22.3.0, 22.4.0, 23.0.0, 23.0.1, 23.0.2, 23.1.0, 23.2.0, 23.2.1, 23.2.2, 24.0.0, 24.1.0, 24.1.1, 24.2.0, 24.2.1, 25.0.0, 25.0.1, 25.1.0, 25.1.1, 25.2.0, 25.2.1, 25.3.0, 26.0.0, 26.1.0, 26.1.1, 26.2.0, 26.2.1, 26.2.2, 26.3.0, 27.0.0, 27.1.0, 27.2.0, 27.3.0, 27.4.0, 27.5.0, 28.0.0, 28.0.1, 28.1.0, 28.2.0, 28.3.0, 29.0.0, 29.0.1, 29.0.2, 29.1.0, 29.2.0, 30.0.0