6.4 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.7%
Phil Day discovered that nova-volume did not validate access to volumes. An
authenticated attacker could exploit this to bypass intended access
controls and boot from arbitrary volumes.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 12.10 | noarch | nova-volume | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | nova-ajax-console-proxy | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | nova-api | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | nova-api-ec2 | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | nova-api-metadata | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | nova-api-os-compute | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | nova-api-os-volume | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | nova-cert | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | nova-common | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | nova-compute | < 2012.2.1+stable-20121212-a99a802e-0ubuntu1.1 | UNKNOWN |