LOW

GHSA-grp5-h379-j75x

OpenStack Nova live snapshots use an insecure local directory

Details

OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / nova

Introduced in: 0 Fixed in: 12.0.0a0

Fix pip install --upgrade 'nova>=12.0.0a0'

References

https://nvd.nist.gov/vuln/detail/CVE-2013-7048 [ADVISORY]
https://github.com/openstack/nova/commit/75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d [WEB]
https://github.com/openstack/nova/commit/8a34fc3d48c467aa196f65eed444ccdc7c02f19f [WEB]
https://github.com/openstack/nova/commit/9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa [WEB]
https://bugs.launchpad.net/nova/+bug/1227027 [WEB]
https://github.com/openstack/nova [PACKAGE]
http://rhn.redhat.com/errata/RHSA-2014-0231.html [WEB]
http://www.openwall.com/lists/oss-security/2014/01/13/2 [WEB]