Path Traversal in OpenStack Essex
CVE-2012-3360
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image vi…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.014 (80.6th percentile)
Affected products
- OpenStack Essex — versions 2012.1
- OpenStack Folsom — versions 2012.2
Weakness classification (CWE)
References
- 54277 (vdb-entry, x_refsource_BID)
- 49763 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- 49802 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- [openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361) (mailing-list, x_refsource_MLIST)
- FEDORA-2012-10420 (x_refsource_FEDORA, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
- USN-1497-1 (x_refsource_UBUNTU, vendor-advisory)