Moderate severityNVD Advisory· Published Apr 15, 2014· Updated May 6, 2026
CVE-2014-0167
CVE-2014-0167
Description
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
novaPyPI | >= 2013.1.0, < 2013.2.4 | 2013.2.4 |
Affected products
9cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute:2013.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute:2013.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute:2013.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute:2013.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute:2013.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute:2013.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:compute:2013.2.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.openwall.com/lists/oss-security/2014/04/09/26nvdPatchWEB
- github.com/advisories/GHSA-p258-xmh3-72pvghsaADVISORY
- launchpad.net/bugs/1290537nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2014-0167ghsaADVISORY
- www.ubuntu.com/usn/USN-2247-1nvdWEB
- access.redhat.com/errata/RHSA-2014:1084ghsaWEB
- access.redhat.com/security/cve/CVE-2014-0167ghsaWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- opendev.org/openstack/novaghsaPACKAGE
News mentions
0No linked articles in our index yet.