PT-2014-4786 · Vmware+1 · Vmware+1
Jaroslav Henner
+1
Published: 2014-03-25
Updated: 2022-05-17
CVE-2014-2573
CVSS v4.0: 7.1 (High)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Compute (Nova) versions 2013.2 through 2013.2.2
Description
The VMware driver does not properly put VMs into RESCUE status. This allows remote authenticated users to bypass the quota limit and cause a denial of service by requesting that a VM be put into rescue and then deleting the image.
Recommendations
For OpenStack Compute (Nova) versions 2013.2 through 2013.2.2, consider restricting access to the VM rescue functionality to prevent unauthorized users from exploiting this issue. As a temporary workaround, consider implementing additional quota checks to limit resource consumption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Allocation of Resources Without Limits
Related identifiers
Affected products
Openstack Compute
Vmware