2013.2.0

DATE	CVE	VULNERABILITY TITLE	RISK
2014-10-08	CVE-2014-7231	Information Exposure vulnerability in multiple products The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. local low complexity openstack redhat CWE-200	2.1
2014-10-08	CVE-2014-7230	Information Exposure vulnerability in multiple products The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. local low complexity openstack redhat canonical CWE-200	2.1
2014-03-06	CVE-2013-6437	Resource Management Errors vulnerability in Openstack Nova The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file. network low complexity openstack CWE-399	4.0
2014-01-23	CVE-2013-7048	Permissions, Privileges, and Access Controls vulnerability in Openstack Nova OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots. local openstack CWE-264	3.3