Oomichi

**Name of the Vulnerable Software and Affected Versions** OpenStack Compute (Nova) versions Folsom through Havana **Description** The issue is related to the "create an instance" API, which does not properly enforce the `os-flavor-access:is public` property. This allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. **Recommendations** For OpenStack Compute (Nova) versions Folsom through Havana, as a temporary workaround, consider restricting access to the "create an instance" API until a proper fix is applied. Avoid using the `os-flavor-access:is public` property in a way that relies on its enforcement by the API. At the moment, there is no information about a newer version that contains a fix for this vulnerability.