{"api_version":"1","generated_at":"2026-04-23T09:37:12+00:00","cve":"CVE-2013-4497","urls":{"html":"https://cve.report/CVE-2013-4497","api":"https://cve.report/api/cve/CVE-2013-4497.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-4497","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-4497"},"summary":{"title":"CVE-2013-4497","description":"The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2013-11-05 20:55:00","updated_at":"2013-11-07 01:11:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://www.openwall.com/lists/oss-security/2013/11/03/2","name":"[oss-security] 20131103 CVE request for a vulnerability in OpenStack Nova","refsource":"MLIST","tags":[],"title":"oss-security - CVE request for a vulnerability in OpenStack Nova","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.launchpad.net/nova/+bug/1202266","name":"https://bugs.launchpad.net/nova/+bug/1202266","refsource":"CONFIRM","tags":[],"title":"Bug #1202266 “[OSSA 2013-030] xenapi: secgroups are not in place...” : Bugs : OpenStack Compute (nova)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.launchpad.net/nova/+bug/1073306","name":"https://bugs.launchpad.net/nova/+bug/1073306","refsource":"CONFIRM","tags":[],"title":"Bug #1073306 “[OSSA 2013-030] xenapi migrations don't apply secu...” : Bugs : OpenStack Compute (nova)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2013/11/03/3","name":"[oss-security] 20131103 Re: CVE request for a vulnerability in OpenStack Nova","refsource":"MLIST","tags":[],"title":"oss-security - Re: CVE request for a vulnerability in OpenStack Nova","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-4497","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4497","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"4497","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"folsom","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4497","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"folsom","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4497","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"grizzly","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4497","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"grizzly","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4497","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"havana","cpe6":"havana-1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4497","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"havana","cpe6":"havana-2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4497","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"havana","cpe6":"havana-1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4497","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"havana","cpe6":"havana-2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4497","vulnerable":"1","versionEndIncluding":"havana-3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"havana","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2013-4497","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://www.openwall.com/lists/oss-security/2013/11/03/2","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2013/11/03/2"},{"url":"http://www.openwall.com/lists/oss-security/2013/11/03/3","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2013/11/03/3"},{"url":"https://bugs.launchpad.net/nova/+bug/1073306","refsource":"MISC","name":"https://bugs.launchpad.net/nova/+bug/1073306"},{"url":"https://bugs.launchpad.net/nova/+bug/1202266","refsource":"MISC","name":"https://bugs.launchpad.net/nova/+bug/1202266"}]}},"nvd":{"publishedDate":"2013-11-05 20:55:00","lastModifiedDate":"2013-11-07 01:11:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":6.4},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:havana:*:*:*:*:*:*:*:*","versionEndIncluding":"havana-3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:havana:havana-2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:havana:havana-1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"4497","Ordinal":"64156","Title":"CVE-2013-4497","CVE":"CVE-2013-4497","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"4497","Ordinal":"1","NoteData":"The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.","Type":"Description","Title":null},{"CveYear":"2013","CveId":"4497","Ordinal":"2","NoteData":"2013-11-05","Type":"Other","Title":"Published"}]}}}