OpenStack Havana vulnerabilities rated Low

DATE: 2013-12-27
CVE: CVE-2013-2030
VULNERABILITY TITLE: Permissions, Privileges, and Access Controls vulnerability in OpenStack products
RISK: 2.1
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.
local, low complexity, openstack, CWE-264

DATE: 2013-11-02
CVE: CVE-2013-4477
VULNERABILITY TITLE: Permissions, Privileges, and Access Controls vulnerability in OpenStack Grizzly and Havana
RISK: 3.3
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.

DATE: 2013-07-09
CVE: CVE-2013-2096
VULNERABILITY TITLE: Resource Management Errors vulnerability in OpenStack Folsom, Grizzly and Havana
RISK: 2.1
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.
local, low complexity, openstack, CWE-399