CVE-2014-3608

The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.

Published Bysecalert@redhat.com

Published DateOct 06, 2014, 14:55

Affected Versions(1)

nova(PyPI)

Introduced0

Fixed2014.1.3

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
nova(PyPI)	0	2014.1.3	N/A

Weakness Type (CWE):CWE-399

CVSS Metrics

Base Score

2.7

Vector String

AV:A/AC:L/Au:S/C:N/I:N/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

PARTIAL

References

Weakness Type (CWE):CWE-399

CVSS Metrics

Base Score

2.7

Vector String

AV:A/AC:L/Au:S/C:N/I:N/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

PARTIAL