4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
openstack-nova is vulnerable to information disclosure. When using libvirt and LVM backed instances, the contents of the physical volume (PV) are not properly wiped before the volume is returned to the system for use again, which could lead to the new instance being able to access confidential files and data from the previous instance.
CPE | Name | Operator | Version |
---|---|---|---|
openstack-nova | eq | 2012.2.1__2.el6ost | |
openstack-nova | eq | 2012.2__2.1.el6 | |
openstack-nova | eq | 2012.1.3__1.el6 | |
openstack-nova | eq | 2012.1.1__15.el6 |
osvdb.org/88419
rhn.redhat.com/errata/RHSA-2013-0208.html
www.openwall.com/lists/oss-security/2012/12/11/5
www.securityfocus.com/bid/56904
www.ubuntu.com/usn/USN-1663-1
access.redhat.com/security/updates/classification/#important
bugs.launchpad.net/nova/+bug/1070539
bugzilla.redhat.com/show_bug.cgi?id=856263
bugzilla.redhat.com/show_bug.cgi?id=881810
bugzilla.redhat.com/show_bug.cgi?id=884293
bugzilla.redhat.com/show_bug.cgi?id=887303
github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f
github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354
launchpad.net/nova/folsom/2012.2.2
rhn.redhat.com/errata/RHSA-2013-0208.html