Red Hat Customer Portal

Skip to main content

CVE-2013-0208

The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.

Details Source

Mitre

Public Date

2013-01-29 00:00:00

Impact

Important

Bugzilla

CVE-2013-0208 openstack-nova: Boot from volume allows access to random volumes

Bugzilla ID

902 629

CVSS Status

verified

Base Score

6.50

Base Metrics

AV:N/AC:L/Au:S/C:P/I:P/A:P

Acknowledgements

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Phil Day as the original reporter.

Red Hat Security Errata

Platform Errata Release Date
OpenStack Folsom (openstack-nova) RHSA-2013:0208 2013-01-30

Affected Packages State

Platform Package State
RHOS Essex Release openstack-nova Affected