CVE-2014-2573

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.

Published: Mar 25, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2573
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.3
AV:A/AC:M/Au:S/C:N/I:N/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
openstack / compute	2013.2.2	2013.2.2.x
openstack / compute	2013.2.1	2013.2.1.x
openstack / compute	2013.2	2013.2.x

http://secunia.com/advisories/57498
http://www.openwall.com/lists/oss-security/2014/03/21/1
http://www.openwall.com/lists/oss-security/2014/03/21/2
https://bugs.launchpad.net/nova/+bug/1269418

Vulnerability Database

289,697

CVE-2014-2573