CVE-2014-8750

Name of the Vulnerable Software and Affected Versions OpenStack Compute (Nova) versions prior to 2014.1.4 OpenStack Compute (Nova) versions prior to 2014.2rc1

Description A race condition exists in the VMware driver of OpenStack Compute (Nova), allowing remote authenticated users to access unintended consoles. This occurs when an instance is spawned, triggering the allocation of the same VNC port to two different instances.

Recommendations For versions prior to 2014.1.4, update to version 2014.1.4 or later to resolve the issue. For versions prior to 2014.2rc1, update to version 2014.2rc1 or later to resolve the issue.