7.1

CVE-2013-7130

EPSS 2.54%
Published 06.02.2014 17:00:06
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

Affected products Warnungen 0 Metrics 2 CWE 1 References 16

Data is provided by the National Vulnerability Database (NVD)

Openstack ≫ Compute Version2012.2

Openstack ≫ Compute Version2013.1

Openstack ≫ Compute Version2013.1.1

Openstack ≫ Compute Version2013.1.2

Openstack ≫ Compute Version2013.1.3

Openstack ≫ Grizzly Version-

Openstack ≫ Havana Version-

Openstack ≫ Icehouse Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.54%	0.84

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:C/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.ubuntu.com/usn/USN-2247-1

http://rhn.redhat.com/errata/RHSA-2014-0231.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html

http://osvdb.org/102416

http://secunia.com/advisories/56450

Vendor Advisory

http://www.openwall.com/lists/oss-security/2014/01/23/5

http://www.securityfocus.com/bid/65106

https://bugs.launchpad.net/nova/+bug/1251590

https://exchange.xforce.ibmcloud.com/vulnerabilities/90652

https://review.openstack.org/#/c/68658/

Patch

https://review.openstack.org/#/c/68659/

https://review.openstack.org/#/c/68660/

Patch

https://nvd.nist.gov/vuln/detail/CVE-2013-7130

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-7130

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-7130

EUVD