CVE-2013-7048

CWE-26410 documents7 sources

Severity

3.3LOW

EPSS

0.1%

top 82.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Nova

Timeline

PublishedJan 23

Latest updateMay 14

Description

OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.

CVSS vector

AV:L/AC:M/C:P/I:P/A:NExploitability: 3.4 | Impact: 4.9

Affected Packages3 packages

▶NVDopenstack/nova2013.1 — 2013.1.4+1

▶PyPInova< 12.0.0a0

▶Debiannova< 2013.2.2+3

Patches

Patch: bugs.launchpad.net ↗Patch: bugs.launchpad.net ↗

🔴Vulnerability Details

OSV

OpenStack Nova live snapshots use an insecure local directory↗2022-05-14

▶

GHSA

OpenStack Nova live snapshots use an insecure local directory↗2022-05-14

▶

CVEList

CVE-2013-7048: OpenStack Compute (Nova) Grizzly 2013↗2014-01-23

▶

OSV

CVE-2013-7048: OpenStack Compute (Nova) Grizzly 2013↗2014-01-23

▶

📋Vendor Advisories

Red Hat

Nova: insecure directory permissions in snapshots↗2013-09-18

▶

Debian

CVE-2013-7048: nova - OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses wor...↗2013

▶

💬Community

Bugzilla

CVE-2013-7048 openstack-nova: Openstack Nova: insecure directory permissions in snapshots [epel-6]↗2013-12-12

▶

Bugzilla

CVE-2013-7048 Openstack Nova: insecure directory permissions in snapshots↗2013-12-12

▶

Bugzilla

CVE-2013-7048 openstack-nova: Openstack Nova: insecure directory permissions in snapshots [fedora-all]↗2013-12-12

▶