Home > Vulnerability Database > CVE-2013-4278

Mend.io Vulnerability Database

CVE-2013-4278

Date: September 16, 2013

The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.

Language: Python

Severity Score

5.4

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-4278

Url: https://github.com/openstack/nova/commit/8b686195afe7e6dfb46c56c1ef2fe9c993d8e495

Url: http://rhn.redhat.com/errata/RHSA-2013-1199.html

Url: http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html

Url: https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9

Url: https://github.com/openstack/nova

Url: https://github.com/openstack/nova/commit/6825959560e06725d26625fd21f5c0b78b305492

Url: https://bugs.launchpad.net/ossa/+bug/1212179

Url: https://www.mend.io/vulnerability-database/CVE-2013-4278

Severity Score

5.4

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-4278

Date: September 16, 2013

Language: Python

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?