Comment 56 for bug 1069904

OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/essex)

Reviewed: https://review.openstack.org/20700
Committed: http://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b
Submitter: Jenkins
Branch: stable/essex

commit 243d516cea9d3caa5a8267b12d2f577dcb24193b
Author: Vishvananda Ishaya <email address hidden>
Date: Thu Jan 24 10:45:19 2013 +0000

    disallow boot from volume from specifying arbitrary volumes

    Fix a vulnerability in volume attachment in nova-volume, affecting the
    boot-from-volume feature. By passing a specific volume ID, an
    authenticated user may be able to boot from a volume they don't own,
    potentially resulting in full access to that 3rd-party volume.

    Fixes bug: 1069904, CVE-2013-0208
    Change-Id: I5f7c8d20d3ebf33ce1ce64bf0a8418bd2b5a6411