The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
Max CVSS: 6.4
EPSS Score: 0.73%
Published: 2013-11-05
Updated: 2013-11-07

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.
Max CVSS: 7.5
EPSS Score: 0.38%
Published: 2013-08-20
Updated: 2018-10-30

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
Max CVSS: 6.8
EPSS Score: 1.80%
Published: 2013-03-22
Updated: 2023-02-13

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
Max CVSS: 6.0
EPSS Score: 0.43%
Published: 2013-03-22
Updated: 2013-06-05

The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
Max CVSS: 6.5
EPSS Score: 0.44%
Published: 2013-02-13
Updated: 2017-08-29

5 vulnerabilities found