Vulnerabilities > Openstack > Havana > havana.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-12-27 | CVE-2013-2030 | Permissions, Privileges, and Access Controls vulnerability in Openstack products keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. | 2.1 |
| 2013-11-05 | CVE-2013-4497 | Permissions, Privileges, and Access Controls vulnerability in Openstack Folsom, Grizzly and Havana The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. | 6.4 |