CVE-2013-7130 – nova

Package

Manager: pip
Name: nova
Vulnerable Version: >=0 <12.0.0a0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.02539 pctl0.84897

Details

OpenStack Nova Live migration can leak root disk into ephemeral storage The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

Metadata

Created: 2022-05-17T01:29:42Z
Modified: 2024-11-26T18:16:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-99rx-9x8v-9j8p/GHSA-99rx-9x8v-9j8p.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-99rx-9x8v-9j8p
Finding: F310
Auto approve: 1