CVE-2013-4278 (retired)

Priority
Description
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly,
and Havana does not properly enforce the os-flavor-access:is_public
property, which allows remote authenticated users to boot arbitrary flavors
by guessing the flavor id. NOTE: this issue is due to an incomplete fix
for CVE-2013-2256.
Notes
 sarnold> An incomplete fix for CVE-2013-2256 caused this vulnerability
 jdstrand> The version of nova in Ubuntu 13.04 in raring-updates needs this fix
 jdstrand> flavor_access.py API extension not available on Essex (Ubuntu 12.04
  LTS)
 jdstrand> Ubuntu 12.10 still vulnerable to CVE-2013-2256 so it is not
  affected by this CVE
More Information

Updated: 2019-03-26 12:09:37 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)