4.3

CVE-2012-5625

EPSS 0.83%
Veröffentlicht 26.12.2012 22:55:03
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openstack ≫ Folsom Version2012.2

Openstack ≫ Grizzly Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.83%	0.723

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://osvdb.org/88419

http://rhn.redhat.com/errata/RHSA-2013-0208.html

http://www.openwall.com/lists/oss-security/2012/12/11/5

http://www.securityfocus.com/bid/56904

http://www.ubuntu.com/usn/USN-1663-1

Patch

https://bugs.launchpad.net/nova/+bug/1070539

https://bugzilla.redhat.com/show_bug.cgi?id=884293

https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f

Patch

https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354

Patch

https://launchpad.net/nova/folsom/2012.2.2

https://nvd.nist.gov/vuln/detail/CVE-2012-5625

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5625

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5625

EUVD