CVE-2014-0167: OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests
It was found that RBAC policies were not enforced in certain methods of the OpenStack Compute EC2 (Amazon Elastic Compute Cloud) API. A remote attacker could use this flaw to escalate their privileges beyond the user group they were originally restricted to. Note that only certain setups using non-default RBAC rules for OpenStack Compute were affected.
References
- www.openwall.com/lists/oss-security/2014/04/09/26
- www.ubuntu.com/usn/USN-2247-1
- access.redhat.com/errata/RHSA-2014:1084
- access.redhat.com/security/cve/CVE-2014-0167
- bugzilla.redhat.com/show_bug.cgi?id=1084868
- github.com/advisories/GHSA-p258-xmh3-72pv
- launchpad.net/bugs/1290537
- nvd.nist.gov/vuln/detail/CVE-2014-0167