Search criteria
8 vulnerabilities found for icehouse by openstack
CVE-2015-1851 (GCVE-0-2015-1851)
Vulnerability from nvd – Published: 2015-06-25 16:00 – Updated: 2024-08-06 04:54
VLAI
Summary
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://lists.openstack.org/pipermail/openstack-an… | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2015/dsa-3292 | vendor-advisoryx_refsource_DEBIAN |
| http://www.openwall.com/lists/oss-security/2015/06/13/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2015/06/17/7 | mailing-listx_refsource_MLIST |
| http://rhn.redhat.com/errata/RHSA-2015-1206.html | vendor-advisoryx_refsource_REDHAT |
| http://www.ubuntu.com/usn/USN-2703-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.openwall.com/lists/oss-security/2015/06/17/2 | mailing-listx_refsource_MLIST |
| https://bugs.launchpad.net/cinder/+bug/1415087 | x_refsource_CONFIRM |
Date Public
2015-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[openstack-announce] 20150616 [OSSA 2015-011.1] Cinder host file disclosure through qcow2 backing file (CVE-2015-1851) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html"
},
{
"name": "DSA-3292",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3292"
},
{
"name": "[oss-security] 20150613 CVE-2015-1850: OpenStack Cinder/Nova: Format-guessing and file disclosure in image convert",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/13/1"
},
{
"name": "[oss-security] 20150617 Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/17/7"
},
{
"name": "RHSA-2015:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1206.html"
},
{
"name": "USN-2703-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2703-1"
},
{
"name": "[oss-security] 20150617 Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/17/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/cinder/+bug/1415087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[openstack-announce] 20150616 [OSSA 2015-011.1] Cinder host file disclosure through qcow2 backing file (CVE-2015-1851) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html"
},
{
"name": "DSA-3292",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3292"
},
{
"name": "[oss-security] 20150613 CVE-2015-1850: OpenStack Cinder/Nova: Format-guessing and file disclosure in image convert",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/13/1"
},
{
"name": "[oss-security] 20150617 Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/17/7"
},
{
"name": "RHSA-2015:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1206.html"
},
{
"name": "USN-2703-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2703-1"
},
{
"name": "[oss-security] 20150617 Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/17/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/cinder/+bug/1415087"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1851",
"datePublished": "2015-06-25T16:00:00.000Z",
"dateReserved": "2015-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:54:16.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0162 (GCVE-0-2014-0162)
Vulnerability from nvd – Published: 2014-04-27 20:00 – Updated: 2024-08-06 09:05
VLAI
Summary
The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2193-1 | vendor-advisoryx_refsource_UBUNTU |
| https://launchpad.net/bugs/1298698 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2014/0… | mailing-listx_refsource_MLIST |
| http://rhn.redhat.com/errata/RHSA-2014-0455.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2014-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2193-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2193-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1298698"
},
{
"name": "[oss-security] 20140410 [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/10/13"
},
{
"name": "RHSA-2014:0455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-02T14:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2193-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2193-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1298698"
},
{
"name": "[oss-security] 20140410 [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/10/13"
},
{
"name": "RHSA-2014:0455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0162",
"datePublished": "2014-04-27T20:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:05:39.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0167 (GCVE-0-2014-0167)
Vulnerability from nvd – Published: 2014-04-15 14:00 – Updated: 2024-08-06 09:05
VLAI
Summary
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/0… | mailing-listx_refsource_MLIST |
| https://launchpad.net/bugs/1290537 | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-2247-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2014-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140409 [OSSA 2014-011] RBAC policy not properly enforced in Nova EC2 API (CVE-2014-0167)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/09/26"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1290537"
},
{
"name": "USN-2247-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2247-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-19T14:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20140409 [OSSA 2014-011] RBAC policy not properly enforced in Nova EC2 API (CVE-2014-0167)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/09/26"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1290537"
},
{
"name": "USN-2247-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2247-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0167",
"datePublished": "2014-04-15T14:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:05:38.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7130 (GCVE-0-2013-7130)
Vulnerability from nvd – Published: 2014-02-06 16:00 – Updated: 2024-08-06 18:01
VLAI
Summary
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://review.openstack.org/#/c/68659/ | x_refsource_CONFIRM |
| https://review.openstack.org/#/c/68658/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/65106 | vdb-entryx_refsource_BID |
| https://review.openstack.org/#/c/68660/ | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://bugs.launchpad.net/nova/+bug/1251590 | x_refsource_MISC |
| http://secunia.com/advisories/56450 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/102416 | vdb-entryx_refsource_OSVDB |
| http://www.ubuntu.com/usn/USN-2247-1 | vendor-advisoryx_refsource_UBUNTU |
| http://rhn.redhat.com/errata/RHSA-2014-0231.html | vendor-advisoryx_refsource_REDHAT |
| http://www.openwall.com/lists/oss-security/2014/01/23/5 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2014-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/68659/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/68658/"
},
{
"name": "65106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/68660/"
},
{
"name": "openstack-cve20137130-info-disc(90652)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90652"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1251590"
},
{
"name": "56450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56450"
},
{
"name": "102416",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102416"
},
{
"name": "USN-2247-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2247-1"
},
{
"name": "RHSA-2014:0231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html"
},
{
"name": "[oss-security] 20140124 [OSSA 2014-003] Live migration can leak root disk into ephemeral storage (CVE-2013-7130)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/23/5"
},
{
"name": "FEDORA-2014-1463",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html"
},
{
"name": "FEDORA-2014-1516",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/68659/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/68658/"
},
{
"name": "65106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/68660/"
},
{
"name": "openstack-cve20137130-info-disc(90652)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90652"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/nova/+bug/1251590"
},
{
"name": "56450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56450"
},
{
"name": "102416",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102416"
},
{
"name": "USN-2247-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2247-1"
},
{
"name": "RHSA-2014:0231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html"
},
{
"name": "[oss-security] 20140124 [OSSA 2014-003] Live migration can leak root disk into ephemeral storage (CVE-2013-7130)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/23/5"
},
{
"name": "FEDORA-2014-1463",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html"
},
{
"name": "FEDORA-2014-1516",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://review.openstack.org/#/c/68659/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/68659/"
},
{
"name": "https://review.openstack.org/#/c/68658/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/68658/"
},
{
"name": "65106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65106"
},
{
"name": "https://review.openstack.org/#/c/68660/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/68660/"
},
{
"name": "openstack-cve20137130-info-disc(90652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90652"
},
{
"name": "https://bugs.launchpad.net/nova/+bug/1251590",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/nova/+bug/1251590"
},
{
"name": "56450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56450"
},
{
"name": "102416",
"refsource": "OSVDB",
"url": "http://osvdb.org/102416"
},
{
"name": "USN-2247-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2247-1"
},
{
"name": "RHSA-2014:0231",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html"
},
{
"name": "[oss-security] 20140124 [OSSA 2014-003] Live migration can leak root disk into ephemeral storage (CVE-2013-7130)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/23/5"
},
{
"name": "FEDORA-2014-1463",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html"
},
{
"name": "FEDORA-2014-1516",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7130",
"datePublished": "2014-02-06T16:00:00.000Z",
"dateReserved": "2013-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:01:19.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1851 (GCVE-0-2015-1851)
Vulnerability from cvelistv5 – Published: 2015-06-25 16:00 – Updated: 2024-08-06 04:54
VLAI
Summary
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://lists.openstack.org/pipermail/openstack-an… | mailing-listx_refsource_MLIST |
| http://www.debian.org/security/2015/dsa-3292 | vendor-advisoryx_refsource_DEBIAN |
| http://www.openwall.com/lists/oss-security/2015/06/13/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2015/06/17/7 | mailing-listx_refsource_MLIST |
| http://rhn.redhat.com/errata/RHSA-2015-1206.html | vendor-advisoryx_refsource_REDHAT |
| http://www.ubuntu.com/usn/USN-2703-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.openwall.com/lists/oss-security/2015/06/17/2 | mailing-listx_refsource_MLIST |
| https://bugs.launchpad.net/cinder/+bug/1415087 | x_refsource_CONFIRM |
Date Public
2015-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:54:16.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[openstack-announce] 20150616 [OSSA 2015-011.1] Cinder host file disclosure through qcow2 backing file (CVE-2015-1851) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html"
},
{
"name": "DSA-3292",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3292"
},
{
"name": "[oss-security] 20150613 CVE-2015-1850: OpenStack Cinder/Nova: Format-guessing and file disclosure in image convert",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/13/1"
},
{
"name": "[oss-security] 20150617 Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/17/7"
},
{
"name": "RHSA-2015:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1206.html"
},
{
"name": "USN-2703-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2703-1"
},
{
"name": "[oss-security] 20150617 Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/17/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/cinder/+bug/1415087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[openstack-announce] 20150616 [OSSA 2015-011.1] Cinder host file disclosure through qcow2 backing file (CVE-2015-1851) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html"
},
{
"name": "DSA-3292",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3292"
},
{
"name": "[oss-security] 20150613 CVE-2015-1850: OpenStack Cinder/Nova: Format-guessing and file disclosure in image convert",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/13/1"
},
{
"name": "[oss-security] 20150617 Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/17/7"
},
{
"name": "RHSA-2015:1206",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1206.html"
},
{
"name": "USN-2703-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2703-1"
},
{
"name": "[oss-security] 20150617 Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/17/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/cinder/+bug/1415087"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-1851",
"datePublished": "2015-06-25T16:00:00.000Z",
"dateReserved": "2015-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:54:16.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0162 (GCVE-0-2014-0162)
Vulnerability from cvelistv5 – Published: 2014-04-27 20:00 – Updated: 2024-08-06 09:05
VLAI
Summary
The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-2193-1 | vendor-advisoryx_refsource_UBUNTU |
| https://launchpad.net/bugs/1298698 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2014/0… | mailing-listx_refsource_MLIST |
| http://rhn.redhat.com/errata/RHSA-2014-0455.html | vendor-advisoryx_refsource_REDHAT |
Date Public
2014-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2193-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2193-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1298698"
},
{
"name": "[oss-security] 20140410 [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/10/13"
},
{
"name": "RHSA-2014:0455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-02T14:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-2193-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2193-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1298698"
},
{
"name": "[oss-security] 20140410 [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/10/13"
},
{
"name": "RHSA-2014:0455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0162",
"datePublished": "2014-04-27T20:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:05:39.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0167 (GCVE-0-2014-0167)
Vulnerability from cvelistv5 – Published: 2014-04-15 14:00 – Updated: 2024-08-06 09:05
VLAI
Summary
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/0… | mailing-listx_refsource_MLIST |
| https://launchpad.net/bugs/1290537 | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-2247-1 | vendor-advisoryx_refsource_UBUNTU |
Date Public
2014-04-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140409 [OSSA 2014-011] RBAC policy not properly enforced in Nova EC2 API (CVE-2014-0167)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/09/26"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1290537"
},
{
"name": "USN-2247-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2247-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-19T14:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20140409 [OSSA 2014-011] RBAC policy not properly enforced in Nova EC2 API (CVE-2014-0167)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/04/09/26"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1290537"
},
{
"name": "USN-2247-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2247-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0167",
"datePublished": "2014-04-15T14:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:05:38.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7130 (GCVE-0-2013-7130)
Vulnerability from cvelistv5 – Published: 2014-02-06 16:00 – Updated: 2024-08-06 18:01
VLAI
Summary
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://review.openstack.org/#/c/68659/ | x_refsource_CONFIRM |
| https://review.openstack.org/#/c/68658/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/65106 | vdb-entryx_refsource_BID |
| https://review.openstack.org/#/c/68660/ | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://bugs.launchpad.net/nova/+bug/1251590 | x_refsource_MISC |
| http://secunia.com/advisories/56450 | third-party-advisoryx_refsource_SECUNIA |
| http://osvdb.org/102416 | vdb-entryx_refsource_OSVDB |
| http://www.ubuntu.com/usn/USN-2247-1 | vendor-advisoryx_refsource_UBUNTU |
| http://rhn.redhat.com/errata/RHSA-2014-0231.html | vendor-advisoryx_refsource_REDHAT |
| http://www.openwall.com/lists/oss-security/2014/01/23/5 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2014-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/68659/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/68658/"
},
{
"name": "65106",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/68660/"
},
{
"name": "openstack-cve20137130-info-disc(90652)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90652"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1251590"
},
{
"name": "56450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56450"
},
{
"name": "102416",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102416"
},
{
"name": "USN-2247-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2247-1"
},
{
"name": "RHSA-2014:0231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html"
},
{
"name": "[oss-security] 20140124 [OSSA 2014-003] Live migration can leak root disk into ephemeral storage (CVE-2013-7130)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/23/5"
},
{
"name": "FEDORA-2014-1463",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html"
},
{
"name": "FEDORA-2014-1516",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/68659/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/68658/"
},
{
"name": "65106",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/68660/"
},
{
"name": "openstack-cve20137130-info-disc(90652)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90652"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/nova/+bug/1251590"
},
{
"name": "56450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56450"
},
{
"name": "102416",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102416"
},
{
"name": "USN-2247-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2247-1"
},
{
"name": "RHSA-2014:0231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html"
},
{
"name": "[oss-security] 20140124 [OSSA 2014-003] Live migration can leak root disk into ephemeral storage (CVE-2013-7130)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/23/5"
},
{
"name": "FEDORA-2014-1463",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html"
},
{
"name": "FEDORA-2014-1516",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://review.openstack.org/#/c/68659/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/68659/"
},
{
"name": "https://review.openstack.org/#/c/68658/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/68658/"
},
{
"name": "65106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65106"
},
{
"name": "https://review.openstack.org/#/c/68660/",
"refsource": "CONFIRM",
"url": "https://review.openstack.org/#/c/68660/"
},
{
"name": "openstack-cve20137130-info-disc(90652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90652"
},
{
"name": "https://bugs.launchpad.net/nova/+bug/1251590",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/nova/+bug/1251590"
},
{
"name": "56450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56450"
},
{
"name": "102416",
"refsource": "OSVDB",
"url": "http://osvdb.org/102416"
},
{
"name": "USN-2247-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2247-1"
},
{
"name": "RHSA-2014:0231",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0231.html"
},
{
"name": "[oss-security] 20140124 [OSSA 2014-003] Live migration can leak root disk into ephemeral storage (CVE-2013-7130)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/23/5"
},
{
"name": "FEDORA-2014-1463",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html"
},
{
"name": "FEDORA-2014-1516",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7130",
"datePublished": "2014-02-06T16:00:00.000Z",
"dateReserved": "2013-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:01:19.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}