CVE-2013-4202

Name of the Vulnerable Software and Affected Versions OpenStack Cinder versions 2013.1.3 and earlier

Description The issue affects the backup API (api/contrib/backups.py) and volume transfer API (contrib/volume transfer.py) in OpenStack Cinder, allowing remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

Recommendations For versions 2013.1.3 and earlier, consider disabling the backup and volume transfer APIs until a patch is available to prevent potential denial of service attacks. Restrict access to the api/contrib/backups.py and contrib/volume transfer.py modules to minimize the risk of exploitation.