4.3

CVE-2012-5625

EPSS 0.83%
Published 26.12.2012 22:55:03
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Openstack ≫ Folsom Version2012.2

Openstack ≫ Grizzly Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.83%	0.723

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://osvdb.org/88419

http://rhn.redhat.com/errata/RHSA-2013-0208.html

http://www.openwall.com/lists/oss-security/2012/12/11/5

http://www.securityfocus.com/bid/56904

http://www.ubuntu.com/usn/USN-1663-1

Patch

https://bugs.launchpad.net/nova/+bug/1070539

https://bugzilla.redhat.com/show_bug.cgi?id=884293

https://github.com/openstack/nova/commit/9d2ea970422591f8cdc394001be9a2deca499a5f

Patch

https://github.com/openstack/nova/commit/a99a802e008eed18e39fc1d98170edc495cbd354

Patch

https://launchpad.net/nova/folsom/2012.2.2

https://nvd.nist.gov/vuln/detail/CVE-2012-5625

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5625

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5625

EUVD