CVE-2012-3360Path Traversal in Nova

CWE-22Path Traversal10 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
1.4%
top 19.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Openstack NovaOpenstack EssexOpenstack Folsom
Timeline
PublishedJul 22
Latest updateMay 17

Description

Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages4 packages

PyPIopenstack/nova< 12.0.0a0
Debianopenstack/nova< 2012.1.1-2+3
NVDopenstack/essex2012.1
NVDopenstack/folsom2012.2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
OpenStack Nova Directory traversal vulnerability2022-05-17
OSV
OpenStack Nova Directory traversal vulnerability2022-05-17
OSV
CVE-2012-3360: Directory traversal vulnerability in virt/disk/api2012-07-22
CVEList
CVE-2012-3360: Directory traversal vulnerability in virt/disk/api2012-07-22

📋Vendor Advisories

2
Ubuntu
Nova vulnerabilities2012-07-03
Debian
CVE-2012-3360: nova - Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova...2012

💬Community

3
Bugzilla
CVE-2012-3360 OpenStack-Nova: compute nodes file injection in disk images [epel-6]2012-07-28
Bugzilla
CVE-2012-3360 OpenStack-Nova: compute nodes file injection in disk images [fedora-all]2012-07-28
Bugzilla
CVE-2012-3360 OpenStack-Nova: compute nodes file injection in disk images2012-06-28
CVE-2012-3360 — Path Traversal in Openstack Nova | cvebase