OSSA-2013-019: Resource limit circumvention in Nova private flavors

Date:August 06, 2013


  • Nova: All versions


hzrandd from NetEase reported a resource limit circumvention vulnerability in Nova’s handling of private flavors. Any tenant is able to show and boot any other tenant’s private flavors by guessing a flavor ID. This not only exposes the flavor’s name, memory and disk size, swap allocation, VCPU count and similar flavor properties, but potentially allows circumvention of any resource limits enforced through the os-flavor-access:is_public property.


  • hzrandd from NetEase (CVE-2013-2256)