The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id.  NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
                
            References
                    Configurations
                    History
                    No history.
Information
                Published : 2013-09-16 19:14
Updated : 2025-04-11 00:51
NVD link : CVE-2013-4278
Mitre link : CVE-2013-4278
CVE.ORG link : CVE-2013-4278
JSON object : View
Products Affected
                openstack
- compute
CWE
                
                    
                        
                        CWE-264
                        
            Permissions, Privileges, and Access Controls
