GHSA-27q4-38qf-m25h

Suggest an improvement
Source
https://github.com/advisories/GHSA-27q4-38qf-m25h
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-27q4-38qf-m25h/GHSA-27q4-38qf-m25h.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-27q4-38qf-m25h
Aliases
Published
2022-05-17T04:58:30Z
Modified
2024-05-19T02:24:38.563450Z
Summary
OpenStack Compute Nova Improper Access Control
Details

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

Database specific
{
    "nvd_published_at": "2013-11-05T20:55:00Z",
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-14T21:27:12Z"
}
References

Affected packages

PyPI / nova

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.0.0a0