4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:P/A:P
0.004 Low
EPSS
Percentile
73.0%
virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and
Folsom before Folsom-3 allows remote authenticated users to overwrite
arbitrary files via a symlink attack on a file in an image that uses a
symlink that is only readable by root. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2012-3361.