Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11951

HistoryJan 15, 2019 - 9:10 a.m.

Arbitrary File Read

2019-01-1509:10:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

EPSS

0.001

Percentile

50.1%

openstack-nova is vulnerable to arbitrary file read attacks. The vulnerability exists as the libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.

References

seclists.org/oss-sec/2016/q1/563

www.openwall.com/lists/oss-security/2016/03/08/6

www.securityfocus.com/bid/84277

access.redhat.com/errata/RHSA-2016:0363

access.redhat.com/errata/RHSA-2016:0364

access.redhat.com/errata/RHSA-2016:0365

access.redhat.com/errata/RHSA-2016:0366

access.redhat.com/security/cve/CVE-2016-2140

access.redhat.com/security/updates/classification/#important

bugs.launchpad.net/nova/+bug/1548450

bugzilla.redhat.com/show_bug.cgi?id=1313454

rhn.redhat.com/errata/RHSA-2016-0366.html

security.openstack.org/ossa/OSSA-2016-007.html

EPSS

0.001

Percentile

50.1%

Related for VERACODE:11951

debiancve1 redhat4 cvelist1 github1 prion1 ibm1 nvd1 cve1 ubuntucve1 ubuntu1 nessus1 openvas1