CVE-2011-4076
https://notcve.org/view.php?id=CVE-2011-4076
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY. OpenStack Nova versiones anteriores a 2012.1, permite a alguien con acceso a una EC2_ACCESS_KEY (equivalente a un nombre de usuario) obtener la EC2_SECRET_KEY (equivalente a una contraseña). Exponer el EC2_ACCESS_KEY por medio de http o herramientas que permiten ataques de tipo man-in-the-middle sobre https podría permitir a un atacante obtener fácilmente el EC2_SECRET_KEY. • https://access.redhat.com/security/cve/cve-2011-4076 https://bugs.launchpad.net/nova/+bug/868360 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4076 https://security-tracker.debian.org/tracker/CVE-2011-4076 https://www.openwall.com/lists/oss-security/2011/10/25/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-3147 – qcow format could expose host filesystem information
https://notcve.org/view.php?id=CVE-2011-3147
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. Las versiones de nova anteriores a 2012.1 podrían exponer los archivos de host de hipervisor a un sistema operativo invitado al procesar un sistema de archivos qcow construido de forma maliciosa. • http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-2140 – openstack-nova: Host data leak through resize/migration
https://notcve.org/view.php?id=CVE-2016-2140
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. El controlador libvirt en OpenStack Compute (Nova) en versiones anteriores a 2015.1.4 (kilo) y 12.0.x en versiones anteriores a 12.0.3 (liberty), cuando usa almacenamiento en bruto y use_cow_images está establecido a false, permite a usuarios remotos autenticados leer archivos arbitrarios a través de una cabecera qcow2 manipulada en un disco efímero o root. An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. • http://www.openwall.com/lists/oss-security/2016/03/08/6 http://www.securityfocus.com/bid/84277 https://bugs.launchpad.net/nova/+bug/1548450 https://security.openstack.org/ossa/OSSA-2016-007.html https://access.redhat.com/security/cve/CVE-2016-2140 https://bugzilla.redhat.com/show_bug.cgi?id=1313454 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-8749
https://notcve.org/view.php?id=CVE-2015-8749
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. La función volume_utils._parse_volume_info en OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty) incluye el diccionario connection_info en el mensaje StorageError cuando utiliza el backend Xen, lo que permitiría a atacantes obtener información sensible de contraseña leyendo archivos de registro u otros vectores no especificados. • http://www.openwall.com/lists/oss-security/2016/01/07/8 http://www.openwall.com/lists/oss-security/2016/01/07/9 http://www.securityfocus.com/bid/80189 https://bugs.launchpad.net/nova/+bug/1516765 https://security.openstack.org/ossa/OSSA-2016-002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-7548 – openstack-nova: Unprivileged API user can access host data using instance snapshot
https://notcve.org/view.php?id=CVE-2015-7548
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty), cuando se utiliza libvirt para producir instancias y use_cow_images se establece en false, permite a usuarios remotos autenticados leer archivos arbitrarios sobrescribiendo una instancia de disco con una imagen manipulada y solicitando una instantánea. A flaw was discovered in the OpenStack Compute (nova) snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw only affects LVM or Ceph setups, or setups using filesystem storage with "use_cow_images = False". • http://rhn.redhat.com/errata/RHSA-2016-0018.html http://www.securityfocus.com/bid/80176 https://security.openstack.org/ossa/OSSA-2016-001.html https://access.redhat.com/security/cve/CVE-2015-7548 https://bugzilla.redhat.com/show_bug.cgi?id=1290511 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •