OSSA-2013-030: XenAPI security groups not kept through migrate or resize¶
November 14, 2013
Nova: All supported versions prior to Havana
Chris Behrens with Rackspace and Vangelis Tasoulas reported a set of vulnerabilities in OpenStack Nova’s XenAPI hypervisor backend. When migrating or resizing an instance, including live migration, existing security groups may not be reapplied after the operation completes. This can lead to unintentional network exposure for virtual machines. Only setups using the XenAPI backend are affected.
Chris Behrens from Rackspace (CVE-2013-4497)
Vangelis Tasoulas (CVE-2013-4497)