Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenStack 权限许可和访问控制问题漏洞
Vulnerability Description
OpenStack是美国美国国家航空航天局(NASA)的一个云平台管理项目。OpenStack Nova是其中的一个用Python编写的云计算构造控制器,属于IaaS系统的一部分。 OpenStack Compute (Nova) Folsom,Grizzly,以及Havana存在权限许可和访问控制问题漏洞,该漏洞源于程序没有正确检查os-flavor-access:is_public属性值。攻击者利用该漏洞获取虚拟硬件模板的访问权限。
CVSS Information
N/A
Vulnerability Type
N/A