CVE-2013-7048

Published: Jan 23, 2014Modified: Apr 29, 2026

3.3

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 3.4 / Impact: 4.9

Source: NVD

Description

OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.

Affected (2)

Products: Openstack: Nova

Openstack

1 product

Nova

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Nova	From 2013.1 to 2013.1.4
Openstack Nova	From 2013.2 to 2013.2.1

Related CWEs

CWE-264

References (6)

http://rhn.redhat.com/errata/RHSA-2014-0231.html

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/01/13/2

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugs.launchpad.net/nova/+bug/1227027

Source: cve@mitre.org

ExploitPatchThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-0231.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/01/13/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugs.launchpad.net/nova/+bug/1227027

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.