Moderate severityNVD Advisory· Published Sep 16, 2013· Updated Jun 16, 2026
CVE-2013-2256
CVE-2013-2256
Description
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
novaPyPI | < 2013.1.3 | 2013.1.3 |
Affected products
4- osv-coords2 versions
< 0+ 1 more
- (no CPE)range: < 0
- (no CPE)range: < 2013.1.3
Patches
Vulnerability mechanics
References
9- seclists.org/oss-sec/2013/q3/281nvdMailing ListPatchThird Party AdvisoryWEB
- bugs.launchpad.net/nova/+bug/1194093nvdExploitThird Party AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2013-1199.htmlnvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-5mj6-643f-2g85ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-2256ghsaADVISORY
- access.redhat.com/errata/RHSA-2013:1199ghsaWEB
- access.redhat.com/security/cve/CVE-2013-2256ghsaWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- opendev.org/openstack/novaghsaPACKAGE
News mentions
0No linked articles in our index yet.