Lucene search

K

GitHub Advisory DatabaseGHSA-46R8-9CJ7-PW6G

HistoryMay 17, 2022 - 1:45 a.m.

OpenStack Compute (Nova) Improper Input Validation

2022-05-1701:45:47

CWE-20

GitHub Advisory Database

github.com

9

openstack

compute

nova

ec2

os apis

input validation

access restrictions

security groups

network protocol

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.3

Confidence

Low

EPSS

0.013

Percentile

85.7%

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

Affected configurations

Vulners

Node

novanovaRange<12.0.0a0

References

secunia.com/advisories/46808

secunia.com/advisories/49439

www.ubuntu.com/usn/USN-1466-1

bugs.launchpad.net/nova/+bug/985184

exchange.xforce.ibmcloud.com/vulnerabilities/76110

github.com/advisories/GHSA-46r8-9cj7-pw6g

github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978

github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654

lists.launchpad.net/openstack/msg12883.html

nvd.nist.gov/vuln/detail/CVE-2012-2654

review.openstack.org/#/c/8239

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.3

Confidence

Low

EPSS

0.013

Percentile

85.7%

Related for GHSA-46R8-9CJ7-PW6G

fedora7 debiancve1 cvelist1 cve1 openvas16 ubuntu1 ubuntucve1 nessus3 prion1 nvd1