CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2013-7130 – nova: Live migration can leak root disk into ephemeral storage
https://notcve.org/view.php?id=CVE-2013-7130
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage. El método i_create_images_and_backing (también conocido como create_images_and_backing) en el driver libvirt en OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, cuando hace uso de un bloque de migración KVM en vivo, no crea debidamente todos los archivos esperados, lo que permite a atacantes obtener contenido de una instantánea del disco raíz de otros usuarios a través del almacenamiento efímero. • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html http://osvdb.org/102416 http://rhn.redhat.com/errata/RHSA-2014-0231.html http://secunia.com/advisories/56450 http://www.openwall.com/lists/oss-security/2014/01/23/5 http://www.securityfocus.com/bid/65106 http://www.ubuntu.com/usn/USN-2247-1 https://bugs.launchpad.net/nova/+bug/1251590 https://exchange.xfo • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0CVE-2013-2030
https://notcve.org/view.php?id=CVE-2013-2030
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. keystone/middleware/auth_token.py en OpenStack Nova Folsom, Grizzly, y Havana, utiliza un directorio temporal inseguro para almacenar certificados de firma, lo cual permite a usuarios locales impersonar servidores mediante la creación previa de este directorio, que es reutilizado por Nova, como se muestra utilizando /tmp/keystone-signing-nova en Fedora. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html http://www.openwall.com/lists/oss-security/2013/05/09/2 https://bugs.launchpad.net/nova/+bug/1174608 https://bugzilla.redhat.com/show_bug.cgi?id=958285 • CWE-264: Permissions, Privileges, and Access Controls •