Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9B31227AD7A583F4C4A5A07F4982B8865E887E7341B927BBD93E0019C2070128
HistoryJun 17, 2018 - 10:30 p.m.

Security Bulletin: Nova live snapshots use an insecure local directory (CVE-2013-7048)

2018-06-1722:30:48
www.ibm.com
12

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary

The directories that are used to temporarily store live snapshots on Nova compute nodes are writable to all local users. A local attacker with shell access on the compute nodes might, therefore, read and modify the contents of live snapshots before those files are uploaded to the image service.

Vulnerability Details

CVE ID:CVE-2013-7048

CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score_ See__ https://exchange.xforce.ibmcloud.com/vulnerabilities/89873 _for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM SmartCloud Orchestrator 2.3

Remediation/Fixes

The recommended solution is to apply IBM SmartCloud Orchestrator V2.3.0 Fix Pack 1 as soon as practical.

Workarounds and Mitigations

This functionality is not directly exposed to IBM SmartCloud Orchestrator end users. Ensure that end users do not have direct access to the nova commands.

CPENameOperatorVersion
ibm smartcloud orchestratoreq2.3

Related

nessus 2
ubuntucve 1
cvelist 1
prion 1
debiancve 1
cve 1
seebug 1
github 1
nvd 1
redhat 2
openvas 4
fedora 2
veracode 3
nessus
nessus
Fedora 20 : openstack-nova-2013.2.2-1.fc20 (2014-2554)
2014-02-26 00:00:00
Fedora 19 : openstack-nova-2013.1.5-1.fc19 (2014-4188)
2014-04-03 00:00:00
ubuntucve
ubuntucve
CVE-2013-7048
2014-01-23 00:00:00
cvelist
cvelist
CVE-2013-7048
2014-01-23 21:00:00
prion
prion
Design/Logic Flaw
2014-01-23 21:55:00
debiancve
debiancve
CVE-2013-7048
2014-01-23 21:55:04
cve
cve
CVE-2013-7048
2014-01-23 21:55:04
seebug
seebug
OpenStack Compute (Nova) 不安全目录权限漏洞
2013-12-13 00:00:00
github
github
OpenStack Nova live snapshots use an insecure local directory
2022-05-14 01:58:45
nvd
nvd
CVE-2013-7048
2014-01-23 21:55:04
redhat
redhat
(RHSA-2014:0366) Moderate: openstack-nova security and bug fix update
2014-04-03 00:00:00
(RHSA-2014:0231) Moderate: openstack-nova security and bug fix update
2014-03-04 00:00:00
openvas
openvas
Fedora Update for openstack-nova FEDORA-2014-2554
2014-02-25 00:00:00
Fedora Update for openstack-nova FEDORA-2014-2554
2014-02-25 00:00:00
Fedora Update for openstack-nova FEDORA-2014-4188
2014-04-03 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: openstack-nova-2013.2.2-1.fc20
2014-02-25 07:53:02
[SECURITY] Fedora 19 Update: openstack-nova-2013.1.5-1.fc19
2014-04-02 09:14:29
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:57:31
Privilege Escalation
2019-05-02 04:57:32
Infomation Disclosure
2019-05-02 04:57:32

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for 9B31227AD7A583F4C4A5A07F4982B8865E887E7341B927BBD93E0019C2070128
nessus2ubuntucve1cvelist1prion1debiancve1cve1seebug1github1nvd1redhat2openvas4fedora2veracode3