← Back

CVE-2014-0167

nvd nist
Published: Apr 15, 2014Modified: May 6, 2026

JSON object

Loading...
6.0
Vector
AV:N/AC:M/Au:S/C:P/I:P/A:P
Exploitability: 6.8 / Impact: 6.4
Source: NVD

Description

The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.

Affected (9)

Openstack
2 products
Compute
Icehouse
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Openstack
Compute
Version 2013.1.1
Compute
Version 2013.1.2
Compute
Version 2013.1.3
Compute
Version 2013.1
Compute
Version 2013.2.1
Compute
Version 2013.2.2
Compute
Version 2013.2.3
Compute
Version 2013.2
Icehouse
All versions

Related CWEs

CWE-264
CWE-264

References (6)

Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.