CVE-2013-4497

Published: Nov 5, 2013Modified: Apr 29, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

Affected (5)

Products: Openstack: Havana, Grizzly, Folsom

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Openstack Havana	Up to havana-3
Openstack Havana	Version havana-1
Openstack Havana	Version havana-2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Grizzly	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Folsom	All versions

Related CWEs

CWE-264

References (8)

http://www.openwall.com/lists/oss-security/2013/11/03/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/11/03/3

Source: secalert@redhat.com

https://bugs.launchpad.net/nova/+bug/1073306

Source: secalert@redhat.com

https://bugs.launchpad.net/nova/+bug/1202266

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/11/03/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/11/03/3

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/nova/+bug/1073306

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/nova/+bug/1202266

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.