CVE-2013-4497 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2013-4497

CVE-2013-4497

November 05, 2013

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

Related Resources (10)

https://github.com/openstack/nova/commit/df2ea2e3acdede21b40d47b7adbeac04213d031b

http://www.openwall.com/lists/oss-security/2013/11/03/2

https://bugs.launchpad.net/nova/+bug/1073306

https://github.com/openstack/nova/commit/01de658210fd65171bfbf5450c93673b5ce0bd9e

https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7

http://www.openwall.com/lists/oss-security/2013/11/03/3

https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80

https://github.com/openstack/nova

https://nvd.nist.gov/vuln/detail/CVE-2013-4497

https://bugs.launchpad.net/nova/+bug/1202266

Do you need more information?

CVSS v4

Base Score:

2.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

CVSS v2

Base Score:

6.4

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

EPSS

Base Score:

0.08

Products

Solutions

Resources

Company

Compare

Developer Tools