CVE-2013-7048
OpenStack Nova < 2013.1.4 and 2013.2.1 - Unprotected Live Snapshot Data Exposure via World-Writable Temporary Directory
Title source: llmDescription
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.
References (3)
Core 3
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/nova/+bug/1227027
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0231.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/01/13/2
Scores
EPSS
0.0013
EPSS Percentile
32.3%
Details
CWE
CWE-264
Status
published
Products (2)
openstack/nova
2013.1 - 2013.1.4
pypi/nova
0 - 12.0.0a0PyPI
Published
Jan 23, 2014
Tracked Since
Feb 18, 2026