CVE-2013-7130

2014-02-0617:00:00

CWE-200

[email protected]

web.nvd.nist.gov

openstack compute

nova

grizzly

havana

icehouse

libvirt

kvm

live block migration

security vulnerability

nvd

cve-2013-7130

6 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.008 Low

EPSS

Percentile

80.9%

JSON

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

CPENameOperatorVersion
openstack:computeopenstack computeeq2012.2
openstack:computeopenstack computeeq2013.1.1
openstack:computeopenstack computeeq2013.1.2
openstack:havanaopenstack havanaeq-
openstack:computeopenstack computeeq2013.1
openstack:grizzlyopenstack grizzlyeq-
openstack:icehouseopenstack icehouseeq-
openstack:computeopenstack computeeq2013.1.3

CPE	Name	Operator	Version
openstack:compute	openstack compute	eq	2012.2
openstack:compute	openstack compute	eq	2013.1.1
openstack:compute	openstack compute	eq	2013.1.2
openstack:havana	openstack havana	eq	-
openstack:compute	openstack compute	eq	2013.1
openstack:grizzly	openstack grizzly	eq	-
openstack:icehouse	openstack icehouse	eq	-
openstack:compute	openstack compute	eq	2013.1.3