Openstack · Nova · CVE-2012-0030
**Name of the Vulnerable Software and Affected Versions**
Nova versions 2011.3 and Essex
**Description**
The issue allows remote authenticated users to bypass access restrictions for tenants of other users when using the OpenStack API. This is achieved via an OSAPI request with a modified `project id` URI parameter.
**Recommendations**
For Nova version 2011.3, update to a version that includes the fix for this issue.
For Nova version Essex, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the OSAPI endpoint to minimize the risk of exploitation.