Vulnerability in OpenStack Diablo
CVE-2012-3361
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
EPSS: 0.014 (80.6th percentile)
Affected products
- OpenStack Diablo — versions 2011.3
- OpenStack Essex — versions 2012.1
- OpenStack Folsom — versions 2012.2
Weakness classification (CWE)
References
- 49763 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- 54278 (vdb-entry, x_refsource_BID)
- 49802 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- FEDORA-2012-10418 (x_refsource_FEDORA, vendor-advisory)
- [openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361) (mailing-list, x_refsource_MLIST)
- FEDORA-2012-10420 (x_refsource_FEDORA, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)