CVE-2011-3147

CWE-200Information Exposure6 documents5 sources
Severity
8.6HIGH
EPSS
0.2%
top 60.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Nova
Timeline
PublishedApr 22
Latest updateApr 22

Description

Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages3 packages

PyPInova< 12.0.0a0
NVDopenstack/nova2010.12012.1
Debiannova< 2012.1~e1-1+3

Patches

Patch: bazaar.launchpad.netPatch: bazaar.launchpad.net

🔴Vulnerability Details

4
OSV
Openstack nova qcow format could expose host filesystem information2022-04-22
GHSA
Openstack nova qcow format could expose host filesystem information2022-04-22
CVEList
qcow format could expose host filesystem information2019-04-22
OSV
CVE-2011-3147: Versions of nova before 20122019-04-22

📋Vendor Advisories

1
Debian
CVE-2011-3147: nova - Versions of nova before 2012.1 could expose hypervisor host files to a guest ope...2011
CVE-2011-3147 (HIGH CVSS 8.6) | Versions of nova before 2012.1 coul | cvebase.io