OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
| Score | Percentile |
|---|---|
| 0.47% | 64.53% |
No CVSS scores in this advisory.
| Type | Value |
|---|---|
| GHSA | GHSA-5mj6-643f-2g85 ↗ |
| CVE | CVE-2013-2256 ↗ |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| pip | nova | < 2013.1.3 | 2013.1.3 | — |