oss-sec mailing list archives
CVE request for vulnerability in OpenStack Nova
From: Grant Murphy <gmurphy () redhat com>
Date: Fri, 21 Mar 2014 14:37:35 +1000
A vulnerability was discovered in OpenStack (see below). In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet. Title: Nova VMWare driver leaks rescued images Reporter: Jaroslav Henner (Red Hat) Products: Nova Versions: 2013.2 to 2013.2.2 Description: Jaroslav Henner from Red Hat reported a vulnerability in Nova. By requesting Nova place an image into rescue, then deleting the image, an authenticated user my exceed their quota. This can result in a denial of service via excessive resource consumption. Only setups using the Nova VMWare driver are affected. References: https://bugs.launchpad.net/nova/+bug/1269418 Thanks in advance, -- Grant Murphy OpenStack Vulnerability Management Team
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- CVE request for vulnerability in OpenStack Nova Grant Murphy (Mar 20)
- Re: CVE request for vulnerability in OpenStack Nova cve-assign (Mar 20)