3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists in the instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.
www.openwall.com/lists/oss-security/2014/03/27/6
www.ubuntu.com/usn/USN-2247-1
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/nova/+bug/1221190
bugzilla.redhat.com/show_bug.cgi?id=1022627
bugzilla.redhat.com/show_bug.cgi?id=1060772
bugzilla.redhat.com/show_bug.cgi?id=1069429
bugzilla.redhat.com/show_bug.cgi?id=1069432
bugzilla.redhat.com/show_bug.cgi?id=1071469
bugzilla.redhat.com/show_bug.cgi?id=1077017
bugzilla.redhat.com/show_bug.cgi?id=1081001
bugzilla.redhat.com/show_bug.cgi?id=1085005
bugzilla.redhat.com/show_bug.cgi?id=1089070
rhn.redhat.com/errata/RHSA-2014-0578.html