OSSA-2013-024: Resource limit circumvention in Nova private flavors

Date:August 28, 2013
CVE:CVE-2013-4278

Affects

  • Nova: All versions

Description

Ken’ichi Ohmichi from NEC reported that the fix for OSSA 2013-019 (CVE-2013-2256) was incomplete. Any tenant was still able to boot any other tenant’s private flavors by guessing a flavor ID. This potentially allowed circumvention of any resource limits enforced through the os-flavor-access:is_public property.

Credits

  • Ken’ichi Ohmichi from NEC (CVE-2013-4278)