CVE-2012-5625 — Sensitive Information Exposure in Nova

CWE-200 — Sensitive Information Exposure CWE-212 — Improper Removal of Sensitive Information Before Storage or Transfer8 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

1.1%

top 22.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Nova Openstack Folsom

Timeline

PublishedDec 26

Latest updateMay 17

Description

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶PyPIopenstack/nova< 12.0.0a0

▶NVDopenstack/folsom2012.2

Patches

Patch: www.ubuntu.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

OpenStack Nova Information leak in libvirt LVM-backed instances↗2022-05-17

▶

GHSA

OpenStack Nova Information leak in libvirt LVM-backed instances↗2022-05-17

▶

CVEList

CVE-2012-5625: OpenStack Compute (Nova) Folsom before 2012↗2012-12-26

▶

📋Vendor Advisories

Red Hat

CVE-2012-5625: OpenStack Compute (Nova) Folsom before 2012↗2012-12-26

▶

Ubuntu

Nova vulnerability↗2012-12-12

▶

Debian

CVE-2012-5625: nova - OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt ...↗2012

▶

💬Community

Bugzilla

CVE-2012-5625 OpenStack Nova: Information leak in libvirt LVM-backed instances↗2012-12-05

▶