CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2140 – openstack-nova: Host data leak through resize/migration
https://notcve.org/view.php?id=CVE-2016-2140
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. El controlador libvirt en OpenStack Compute (Nova) en versiones anteriores a 2015.1.4 (kilo) y 12.0.x en versiones anteriores a 12.0.3 (liberty), cuando usa almacenamiento en bruto y use_cow_images está establecido a false, permite a usuarios remotos autenticados leer archivos arbitrarios a través de una cabecera qcow2 manipulada en un disco efímero o root. An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user. • http://www.openwall.com/lists/oss-security/2016/03/08/6 http://www.securityfocus.com/bid/84277 https://bugs.launchpad.net/nova/+bug/1548450 https://security.openstack.org/ossa/OSSA-2016-007.html https://access.redhat.com/security/cve/CVE-2016-2140 https://bugzilla.redhat.com/show_bug.cgi?id=1313454 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-8749
https://notcve.org/view.php?id=CVE-2015-8749
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. La función volume_utils._parse_volume_info en OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty) incluye el diccionario connection_info en el mensaje StorageError cuando utiliza el backend Xen, lo que permitiría a atacantes obtener información sensible de contraseña leyendo archivos de registro u otros vectores no especificados. • http://www.openwall.com/lists/oss-security/2016/01/07/8 http://www.openwall.com/lists/oss-security/2016/01/07/9 http://www.securityfocus.com/bid/80189 https://bugs.launchpad.net/nova/+bug/1516765 https://security.openstack.org/ossa/OSSA-2016-002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7548 – openstack-nova: Unprivileged API user can access host data using instance snapshot
https://notcve.org/view.php?id=CVE-2015-7548
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. OpenStack Compute (Nova) en versiones anteriores a 2015.1.3 (kilo) y 12.0.x en versiones anteriores a 12.0.1 (liberty), cuando se utiliza libvirt para producir instancias y use_cow_images se establece en false, permite a usuarios remotos autenticados leer archivos arbitrarios sobrescribiendo una instancia de disco con una imagen manipulada y solicitando una instantánea. A flaw was discovered in the OpenStack Compute (nova) snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw only affects LVM or Ceph setups, or setups using filesystem storage with "use_cow_images = False". • http://rhn.redhat.com/errata/RHSA-2016-0018.html http://www.securityfocus.com/bid/80176 https://security.openstack.org/ossa/OSSA-2016-001.html https://access.redhat.com/security/cve/CVE-2015-7548 https://bugzilla.redhat.com/show_bug.cgi?id=1290511 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6437 – openstack-nova: DoS through ephemeral disk backing files
https://notcve.org/view.php?id=CVE-2013-6437
The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file. El controlador libvirt en OpenStack Compute (Nova) anterior a 2013.2.2 y icehouse anterior a icehouse-2 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco) mediante creación y eliminación de instancias con configuraciones os_type únicas, lo que provoca la creación de un archivo de respaldo de disco efímero nuevo. • http://lists.openstack.org/pipermail/openstack-announce/2013-December/000179.html http://rhn.redhat.com/errata/RHSA-2014-0231.html https://bugs.launchpad.net/nova/+bug/1253980 https://access.redhat.com/security/cve/CVE-2013-6437 https://bugzilla.redhat.com/show_bug.cgi?id=1043106 • CWE-399: Resource Management Errors •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 1CVE-2013-7048 – Nova: insecure directory permissions in snapshots
https://notcve.org/view.php?id=CVE-2013-7048
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots. OpenStack Compute (Nova) Grizzly 2013.1.4,, La Habana 2013.2.1, y anteriores utilizan con permiso de escritura y lectura universal para el directorio temporal usado para almacenar las instantáneas en vivo (snapshots), lo que permite a usuarios locales leer y modificar instantáneas en vivo (snapshots). • http://rhn.redhat.com/errata/RHSA-2014-0231.html http://www.openwall.com/lists/oss-security/2014/01/13/2 https://bugs.launchpad.net/nova/+bug/1227027 https://access.redhat.com/security/cve/CVE-2013-7048 https://bugzilla.redhat.com/show_bug.cgi?id=1040786 • CWE-264: Permissions, Privileges, and Access Controls •