42 lines
1.2 KiB
JSON
42 lines
1.2 KiB
JSON
{
|
|
"advisory": {
|
|
"date": "2013-08-28",
|
|
"description": "Ken'ichi Ohmichi from NEC reported that the fix for OSSA 2013-019 (CVE-2013-2256) was incomplete. Any tenant was still able to boot any other tenant's private flavors by guessing a flavor ID. This potentially allowed circumvention of any resource limits enforced through the os-flavor-access:is_public property.",
|
|
"id": "2013-024",
|
|
"title": "Resource limit circumvention in Nova private flavors",
|
|
"url": "http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html"
|
|
},
|
|
"affects": [
|
|
{
|
|
"product": "nova",
|
|
"version": "TODO"
|
|
}
|
|
],
|
|
"bugs": [
|
|
"1212179"
|
|
],
|
|
"notes": "",
|
|
"reporters": [
|
|
{
|
|
"company": "NEC",
|
|
"name": "Ken'ichi Ohmichi"
|
|
}
|
|
],
|
|
"reviews": [
|
|
"42922",
|
|
"43281",
|
|
"43296"
|
|
],
|
|
"schema_version": 1,
|
|
"vulnerabilities": [
|
|
{
|
|
"cve": "CVE-2013-4278",
|
|
"cvss": {
|
|
"base_score": "5.5",
|
|
"scoring_vector": "AV:N/AC:L/Au:S/C:P/I:N/A:P"
|
|
},
|
|
"cwe": "TODO",
|
|
"impact": "moderate"
|
|
}
|
|
]
|
|
} |