{"id":"CVE-2013-4278","details":"The \"create an instance\" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id.  NOTE: this issue is due to an incomplete fix for CVE-2013-2256.","aliases":["GHSA-43cm-73px-5v4m","PYSEC-2026-862"],"modified":"2026-07-07T11:56:42.520354530Z","published":"2013-09-16T19:14:39Z","references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html"},{"type":"FIX","url":"http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html"},{"type":"WEB","url":"https://bugs.launchpad.net/ossa/+bug/1212179"}],"schema_version":"1.7.5"}