GHSA-qfp8-hfqx-c79c

Suggest an improvement
Source
https://github.com/advisories/GHSA-qfp8-hfqx-c79c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qfp8-hfqx-c79c/GHSA-qfp8-hfqx-c79c.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-qfp8-hfqx-c79c
Aliases
Published
2022-05-05T02:48:49Z
Modified
2024-11-26T16:56:49Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM
Details

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

Database specific 
{
    "nvd_published_at": "2013-03-22T21:55:00Z",
    "cwe_ids": [
        "CWE-863"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-09T16:15:03Z"
}
References

Affected packages

PyPI / nova

Package

Name
nova
View open source insights on deps.dev
Purl
pkg:pypi/nova

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.0.0a0