CVE-2011-4596

CWE-22Path Traversal9 documents7 sources
Severity
6.0MEDIUM
EPSS
0.5%
top 32.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Nova
Timeline
PublishedDec 23
Latest updateMay 14

Description

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages3 packages

NVDopenstack/nova2011.32011.3.1
PyPInova< 12.0.0a0
Debiannova< 2012.1~e1-4+3

🔴Vulnerability Details

4
OSV
OpenStack Nova Multiple directory traversal vulnerabilities2022-05-14
GHSA
OpenStack Nova Multiple directory traversal vulnerabilities2022-05-14
CVEList
CVE-2011-4596: Multiple directory traversal vulnerabilities in OpenStack Nova before 20112011-12-23
OSV
CVE-2011-4596: Multiple directory traversal vulnerabilities in OpenStack Nova before 20112011-12-23

📋Vendor Advisories

2
Ubuntu
Nova vulnerability2011-12-13
Debian
CVE-2011-4596: nova - Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, ...2011

💬Community

2
Bugzilla
CVE 2011-4596 openstack-nova: Sanitize EC2 manifests and image tarballs2011-12-13
Bugzilla
CVE 2011-4596 openstack-nova: Sanitize EC2 manifests and image tarballs [fedora-16]2011-12-13
CVE-2011-4596 (MEDIUM CVSS 6) | Multiple directory traversal vulner | cvebase.io