CVE-2013-7048

Openstack Nova < 2013.1.4 - Access Control

Title source: rule

Description

OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.

References (3)

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2014-0231.html

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2014/01/13/2

[Exploit, Patch, Third Party Advisory] https://bugs.launchpad.net/nova/+bug/1227027

Scores

EPSS 0.0006

EPSS Percentile 16.9%

Classification

CWE

CWE-264

Status draft

Affected Products (2)

openstack/nova < 2013.1.4

pypi/nova < 12.0.0a0PyPI

Timeline

Published Jan 23, 2014

Tracked Since Feb 18, 2026