CVE-2011-3147

Published: Apr 22, 2019Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.

Affected (1)

Products: Openstack: Nova

Openstack

1 product

Nova

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Nova	From 2010.1 to 2012.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604

Source: cve@mitre.org

PatchThird Party Advisory

http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.