Moderate severity · NVD Advisory · Published Jun 21, 2012 · Updated Jun 16, 2026
CVE-2012-2654
Description
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| nova (PyPI) | < 12.0.0a0 | 12.0.0a0 |
References
- bugs.launchpad.net/nova/+bug/985184 (nvd; Patch, WEB)
- github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978 (nvd; Exploit, Patch, WEB)
- github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654 (nvd; Exploit, Patch, WEB)
- secunia.com/advisories/46808 (nvd; Vendor Advisory)
- secunia.com/advisories/49439 (nvd; Vendor Advisory)
- github.com/advisories/GHSA-46r8-9cj7-pw6g (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-2654 (ghsa; ADVISORY)
- www.ubuntu.com/usn/USN-1466-1 (nvd; WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/76110 (nvd; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-37.yaml (ghsa; WEB)
- lists.launchpad.net/openstack/msg12883.html (nvd; WEB)
- review.openstack.org (ghsa; WEB)
- review.openstack.org (nvd)