Skip to content

OpenStack Nova live snapshots use an insecure local directory

Low severity GitHub Reviewed Published May 14, 2022 to the GitHub Advisory Database • Updated May 14, 2024

Package

pip nova (pip)

Affected versions

< 12.0.0a0

Patched versions

12.0.0a0

Description

OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.

References

Published by the National Vulnerability Database Jan 23, 2014
Published to the GitHub Advisory Database May 14, 2022
Reviewed May 14, 2024
Last updated May 14, 2024

Severity

Low

Weaknesses

No CWEs

CVE ID

CVE-2013-7048

GHSA ID

GHSA-grp5-h379-j75x

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.