Lucene search

K

GitHub Advisory DatabaseGHSA-QR62-R9XC-R2GJ

HistoryMay 14, 2022 - 1:58 a.m.

OpenStack Nova Multiple directory traversal vulnerabilities

2022-05-1401:58:50

CWE-22

GitHub Advisory Database

github.com

8

openstack

nova

directory traversal

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.005

Percentile

76.7%

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.

Affected configurations

Vulners

Node

novanovaRange<12.0.0a0

References

bugs.launchpad.net/nova/+bug/885167

bugs.launchpad.net/nova/+bug/894755

github.com/advisories/GHSA-qr62-r9xc-r2gj

github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6

github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e

lists.launchpad.net/openstack/msg06105.html

nvd.nist.gov/vuln/detail/CVE-2011-4596

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.005

Percentile

76.7%

Related for GHSA-QR62-R9XC-R2GJ

cvelist1 securityvulns1 prion1 nvd1 openvas8 cve1 nessus3 ubuntu1 ubuntucve1 debiancve1