The directories that are used to temporarily store live snapshots on Nova compute nodes are writable to all local users. A local attacker with shell access on the compute nodes might, therefore, read and modify the contents of live snapshots before those files are uploaded to the image service.
CVE ID:CVE-2013-7048
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score_ See__ https://exchange.xforce.ibmcloud.com/vulnerabilities/89873 _for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
IBM SmartCloud Orchestrator 2.3
The recommended solution is to apply IBM SmartCloud Orchestrator V2.3.0 Fix Pack 1 as soon as practical.
This functionality is not directly exposed to IBM SmartCloud Orchestrator end users. Ensure that end users do not have direct access to the nova commands.
CPE | Name | Operator | Version |
---|---|---|---|
ibm smartcloud orchestrator | eq | 2.3 |