CVE-2013-4278

Source
https://cve.org/CVERecord?id=CVE-2013-4278
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2013-4278.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2013-4278
Aliases
Downstream
Published
2013-09-16T19:14:39Z
Modified
2026-07-07T11:56:42.520354530Z
Summary
[none]
Details

The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.

References

Affected packages