CNNVD-202508-161 Information
CNNVD ID
CNNVD-202508-161
Related CVE
- CNNVD Published: 2025-08-03
Description (Chinese)
OpenNebula是OpenNebula开源的一个用于管理异构分布式数据中心基础架构的云计算平台。 OpenNebula Community Edition 7.0.0之前版本和Enterprise Edition 6.10.3之前版本存在竞争条件问题漏洞,该漏洞源于FireEdge存在竞争条件,可能导致账户接管。
Description (English)
OpenNebula is a cloud computing platform for the management of the base structure of the isomeric data centre at OpenNebula open source. Before OpenNebula Commission 7.0.0 and before Enterprise Edition 6.10.3, there was a gap in competition conditions, which stemmed from the competitive conditions in FireEdge, which could lead to account takeover.
Hazard Level
Medium
Vulnerability Type
竞争条件问题
Affected Vendor
OpenNebula
Published
2025-08-03
Last Modified
2026-02-24
References
https://github.com/Stolichnayer/OpenNebula-Account-Takeover https://docs.opennebula.io/6.10/intro_release_notes/release_notes_enterprise/resolved_issues_6103.html https://github.com/OpenNebula/one https://github.com/OpenNebula/one/releases/tag/release-7.0.0 https://github.com/OpenNebula/one/commit/81058d9705e7ac619d294423de28b76d88f613b6 https://access.redhat.com/security/cve/cve-2025-54955
Patch
https://github.com/OpenNebula/one/tags
Share on: