OSSA-2014-017: Nova VMware driver leaks rescued images

OSSA-2014-017: Nova VMware driver leaks rescued images

Date

May 29, 2014

CVE

CVE-2014-2573

Affects

  • Nova: from 2013.2 to 2013.2.3, and 2014.1

Description

Jaroslav Henner from Red Hat reported a vulnerability in Nova. By requesting Nova place an image into rescue, then deleting the image, an authenticated user my exceed their quota. This can result in a denial of service via excessive resource consumption. Only setups using the Nova VMware driver are affected.

Credits

  • Jaroslav Henner from Red Hat (CVE-2014-2573)

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.