Access Restriction Bypass Affecting nova package, versions <2012.1.1-12


0.0
medium

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    EPSS 0.44% (75th percentile)
Expand this section
NVD
6.3 medium
Expand this section
Red Hat
6.3 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-DEBIAN11-NOVA-525425
  • published 13 Feb 2013
  • disclosed 13 Feb 2013

How to fix?

Upgrade Debian:11 nova to version 2012.1.1-12 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream nova package and not the nova package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.