CVE-2013-2256

Name of the Vulnerable Software and Affected Versions OpenStack Compute (Nova) versions before 2013.1.3 OpenStack Compute (Nova) Havana versions before havana-2

Description The issue allows remote authenticated users to obtain sensitive information, such as flavor properties, boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id, due to the improper enforcement of the os-flavor-access:is public property.

Recommendations For OpenStack Compute (Nova) versions before 2013.1.3, update to version 2013.1.3 or later. For OpenStack Compute (Nova) Havana versions before havana-2, update to havana-2 or later.