ossa/ossa/OSSA-2013-030.yaml

62 lines
1.4 KiB
YAML

date: 2013-11-14
id: OSSA-2013-030
title: 'XenAPI security groups not kept through migrate or resize'
description: 'Chris Behrens with Rackspace and Vangelis Tasoulas reported a set of
vulnerabilities in OpenStack Nova''s XenAPI hypervisor backend. When migrating or
resizing an instance, including live migration, existing security groups may not
be reapplied after the operation completes. This can lead to unintentional network
exposure for virtual machines. Only setups using the XenAPI backend are affected.'
reference: http://lists.openstack.org/pipermail/openstack-announce/2013-November/000161.html
affected-products:
- product: nova
version: All supported versions prior to Havana
vulnerabilities:
- cve-id: CVE-2013-4497
impact-assessment:
source: 'Red Hat Product Security'
rating: low
assessment:
type: CVSS2
score: 3.6
detail: AV:N/AC:H/Au:S/C:P/I:P/A:N
classification:
source: 'Red Hat Product Security'
type: CWE
detail: TODO
reporters:
- name: 'Chris Behrens'
affiliation: Rackspace
reported:
- CVE-2013-4497
- name: 'Vangelis Tasoulas'
affiliation: UNKNOWN
reported:
- CVE-2013-4497
issues:
links:
- https://launchpad.net/bugs/1073306
- https://launchpad.net/bugs/1202266
type: launchpad
reviews:
grizzly:
- https://review.openstack.org/#/c/52987
- https://review.openstack.org/#/c/52989
type: gerrit