Launchpad CVE tracker

CVE 2013-2256

OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.

Related bugs and status

CVE-2013-2256 (Candidate) is related to these bugs:

Bug #1194093: [OSSA 2013-019] Resource limit circumvention in Nova private flavors (CVE-2013-2256)

		In	Importance	Status
1194093	[OSSA 2013-019] Resource limit circumvention in Nova private flavors (CVE-2013-2256)	OpenStack Compute (nova)	Critical	Fix Released
1194093	[OSSA 2013-019] Resource limit circumvention in Nova private flavors (CVE-2013-2256)	OpenStack Compute (nova) grizzly	Critical	Fix Released
1194093	[OSSA 2013-019] Resource limit circumvention in Nova private flavors (CVE-2013-2256)	OpenStack Security Advisory	High	Fix Released

Bug #1210447: Meta bug for tracking Openstack 2013.1.3 Stable Update

		In	Importance	Status
1210447	Meta bug for tracking Openstack 2013.1.3 Stable Update	nova (Ubuntu)	Undecided	Invalid
1210447	Meta bug for tracking Openstack 2013.1.3 Stable Update	glance (Ubuntu)	Undecided	Invalid
1210447	Meta bug for tracking Openstack 2013.1.3 Stable Update	keystone (Ubuntu)	Undecided	Invalid
1210447	Meta bug for tracking Openstack 2013.1.3 Stable Update	horizon (Ubuntu)	Undecided	Invalid
1210447	Meta bug for tracking Openstack 2013.1.3 Stable Update	cinder (Ubuntu)	Undecided	Invalid
1210447	Meta bug for tracking Openstack 2013.1.3 Stable Update	quantum (Ubuntu)	Undecided	Invalid
1210447	Meta bug for tracking Openstack 2013.1.3 Stable Update	cinder (Ubuntu Raring)	Undecided	Fix Released
1210447	Meta bug for tracking Openstack 2013.1.3 Stable Update	glance (Ubuntu Raring)	Undecided	Fix Released
1210447	Meta bug for tracking Openstack 2013.1.3 Stable Update	horizon (Ubuntu Raring)	Undecided	Fix Released
1210447	Meta bug for tracking Openstack 2013.1.3 Stable Update	keystone (Ubuntu Raring)	Undecided	Fix Released
1210447	Meta bug for tracking Openstack 2013.1.3 Stable Update	nova (Ubuntu Raring)	Undecided	Fix Released
1210447	Meta bug for tracking Openstack 2013.1.3 Stable Update	quantum (Ubuntu Raring)	Undecided	Fix Released
1210447	Meta bug for tracking Openstack 2013.1.3 Stable Update	Ubuntu Cloud Archive	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-2256

References