CVE-2014-2573
MEDIUM 6.5, EPSS 0.11%
OpenStack Nova VMWare driver leaks rescued images
Published: 2022/5/17
Modified: 2026/4/28
Description
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
Affected packages (3)
- Debian/nova from 0, < 2014.1-9
- PyPI/nova from 0, < 12.0.0a0
- PyPI/nova from 0, < 12.0.0a0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References (10)
- ADVISORY http://secunia.com/advisories/57498
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-2573
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2014-2573
- PATCH https://github.com/openstack/nova
- WEB https://bugs.launchpad.net/nova/+bug/1269418
- WEB https://github.com/openstack/nova/commit/b3cc3f62a60662e5bb82136c0cfa464592a6afe9
- WEB https://github.com/openstack/nova/commit/efb66531bc37ee416778a70d46c657608ca767af
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-113.yaml
- WEB http://www.openwall.com/lists/oss-security/2014/03/21/1
- WEB http://www.openwall.com/lists/oss-security/2014/03/21/2