Information Disclosure

2019-01-1508:52:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

49.6%

JSON

openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists in the instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.

CPENameOperatorVersion
openstack-novaeq2012.2.3__7.el6ost
openstack-novaeq2012.2.3__4.el6ost
openstack-novaeq2012.2.2__8.el6ost
openstack-novaeq2013.1.1__2.el6ost
openstack-novaeq2013.1.4__4.el6ost
openstack-novaeq2013.1.4__1.el6ost
openstack-novaeq2012.2__2.1.el6
openstack-novaeq2013.1.1__4.el6ost
openstack-novaeq2012.2.3__9.el6ost
openstack-novaeq2013.1.2__2.el6ost

Name	Operator	Version
openstack-nova	eq	2012.2.3__7.el6ost
openstack-nova	eq	2012.2.3__4.el6ost
openstack-nova	eq	2012.2.2__8.el6ost
openstack-nova	eq	2013.1.1__2.el6ost
openstack-nova	eq	2013.1.4__4.el6ost
openstack-nova	eq	2013.1.4__1.el6ost
openstack-nova	eq	2012.2__2.1.el6
openstack-nova	eq	2013.1.1__4.el6ost
openstack-nova	eq	2012.2.3__9.el6ost
openstack-nova	eq	2013.1.2__2.el6ost