CVE-2014-2573
OpenStack Nova VMWare driver leaks rescued images
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.11%
Description
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
How to fix CVE-2014-2573
To remediate CVE-2014-2573, upgrade the affected package to a fixed version below.
- Upgrade to 2014.1-9 or later
- Upgrade to 12.0.0a0 or later
- Upgrade to 12.0.0a0 or later
Is CVE-2014-2573 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2014.1-9
- from 0, < 12.0.0a0
- from 0, < 12.0.0a0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |