CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
85.7%
It was discovered that, when defining security groups in Nova using
the EC2 or OS APIs, specifying the network protocol (e.g. ‘TCP’) in
the incorrect case would cause the security group to not be applied
correctly. An attacker could use this to bypass Nova security group
restrictions.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 12.04 | noarch | python-nova | < 2012.1-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | nova-ajax-console-proxy | < 2012.1-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | nova-api | < 2012.1-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | nova-api-ec2 | < 2012.1-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | nova-api-metadata | < 2012.1-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | nova-api-os-compute | < 2012.1-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | nova-api-os-volume | < 2012.1-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | nova-cert | < 2012.1-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | nova-common | < 2012.1-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | nova-compute | < 2012.1-0ubuntu2.2 | UNKNOWN |