CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
76.7%
David Black discovered that Nova did not properly perform input validation
during image registration. An attacker could exploit this by registering a
crafted image using the EC2 API or S3/RegisterImage method and overwrite
files as the nova user.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 11.10 | noarch | python-nova | < 2011.3-0ubuntu6.3 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-ajax-console-proxy | < 2011.3-0ubuntu6.3 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-api | < 2011.3-0ubuntu6.3 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-common | < 2011.3-0ubuntu6.3 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-compute | < 2011.3-0ubuntu6.3 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-compute-kvm | < 2011.3-0ubuntu6.3 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-compute-lxc | < 2011.3-0ubuntu6.3 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-compute-uml | < 2011.3-0ubuntu6.3 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-compute-xen | < 2011.3-0ubuntu6.3 | UNKNOWN |
Ubuntu | 11.10 | noarch | nova-doc | < 2011.3-0ubuntu6.3 | UNKNOWN |