GCVE - cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*

part: a version: 2013.1 update: *

Vendor	Openstack (`7b0cf974-b2b5-592e-bdf4-6953805ef02a`)
Product	Compute (`8976b317-32c2-5dce-aa28-7b7e42d27d27`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gem/openstack-compute`	purl2cpe	2026-06-01 10:17:02.968001
`pkg:rpm/opensuse/perl-net-openstack-compute`	purl2cpe	2026-06-01 10:17:02.968002

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-0167`	vulnerable	2026-06-03 14:33:37.331373	Details available The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests. Published: 2014-04-15T14:00:00.000Z Updated: 2024-08-06T09:05:38.956Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2014/04/09/26 https://launchpad.net/bugs/1290537 http://www.ubuntu.com/usn/USN-2247-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-7130`	vulnerable	2026-06-03 14:33:34.064778	Details available The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage. Published: 2014-02-06T16:00:00.000Z Updated: 2024-08-06T18:01:19.335Z Open on db.gcve.eu Reference links https://review.openstack.org/#/c/68659/ https://review.openstack.org/#/c/68658/ http://www.securityfocus.com/bid/65106 https://review.openstack.org/#/c/68660/ https://exchange.xforce.ibmcloud.com/vulnerabilities/90652	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2255`	vulnerable	2026-06-03 14:33:00.232696	Details available HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. Published: 2019-11-01T18:38:01.000Z Updated: 2024-08-06T15:27:41.145Z Open on db.gcve.eu Reference links https://security-tracker.debian.org/tracker/CVE-2013-2255 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255 https://access.redhat.com/security/cve/cve-2013-2255 https://exchange.xforce.ibmcloud.com/vulnerabilities/85562	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2030`	vulnerable	2026-06-03 14:32:53.273395	Details available keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. Published: 2013-12-27T01:00:00.000Z Updated: 2024-08-06T15:20:37.504Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2013/05/09/2 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html https://bugs.launchpad.net/nova/+bug/1174608 https://bugzilla.redhat.com/show_bug.cgi?id=958285	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.