Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wMjU4LXhtaDMtNzJwds4AAefb
OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.
Permalink: https://github.com/advisories/GHSA-p258-xmh3-72pv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wMjU4LXhtaDMtNzJwds4AAefb
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
Identifiers: GHSA-p258-xmh3-72pv, CVE-2014-0167
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-0167
- https://launchpad.net/bugs/1290537
- http://www.openwall.com/lists/oss-security/2014/04/09/26
- http://www.ubuntu.com/usn/USN-2247-1
- https://access.redhat.com/errata/RHSA-2014:1084
- https://access.redhat.com/security/cve/CVE-2014-0167
- https://bugzilla.redhat.com/show_bug.cgi?id=1084868
- https://github.com/advisories/GHSA-p258-xmh3-72pv
Affected Packages
pypi:nova
Dependent packages: 0
Dependent repositories: 40
Downloads: 3,670 last month
Affected Version Ranges: >= 2013.1.0, < 2013.2.4
Fixed in: 2013.2.4
All affected versions:
All unaffected versions: 15.1.5, 16.1.6, 16.1.7, 16.1.8, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 17.0.12, 17.0.13, 18.0.2, 18.0.3, 18.1.0, 18.2.0, 18.2.1, 18.2.2, 18.2.3, 18.3.0, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.2.0, 19.3.0, 19.3.1, 19.3.2, 20.0.0, 20.0.1, 20.1.0, 20.1.1, 20.2.0, 20.3.0, 20.4.0, 20.4.1, 20.5.0, 20.6.0, 20.6.1, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 21.2.0, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 22.0.0, 22.0.1, 22.1.0, 22.2.0, 22.2.1, 22.2.2, 22.3.0, 22.4.0, 23.0.0, 23.0.1, 23.0.2, 23.1.0, 23.2.0, 23.2.1, 23.2.2, 24.0.0, 24.1.0, 24.1.1, 24.2.0, 24.2.1, 25.0.0, 25.0.1, 25.1.0, 25.1.1, 25.2.0, 25.2.1, 25.3.0, 26.0.0, 26.1.0, 26.1.1, 26.2.0, 26.2.1, 26.2.2, 27.0.0, 27.1.0, 27.2.0, 28.0.0, 28.0.1, 29.0.0