CVE-2013-7130Sensitive Information Exposure in Nova

CWE-200Sensitive Information Exposure11 documents8 sources
Severity
7.1HIGHNVD
EPSS
2.5%
top 14.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Openstack NovaOpenstack Compute
Timeline
PublishedFeb 6
Latest updateMay 17

Description

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

CVSS vector

AV:N/AC:M/C:C/I:N/A:NExploitability: 8.6 | Impact: 6.9

Affected Packages3 packages

PyPIopenstack/nova< 12.0.0a0
Debianopenstack/nova< 2013.2.2+3
NVDopenstack/compute5 versions+4

Patches

Patch: review.openstack.orgPatch: review.openstack.orgPatch: review.openstack.org

🔴Vulnerability Details

4
OSV
OpenStack Nova Live migration can leak root disk into ephemeral storage2022-05-17
GHSA
OpenStack Nova Live migration can leak root disk into ephemeral storage2022-05-17
CVEList
CVE-2013-7130: The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, wh2014-02-06
OSV
CVE-2013-7130: The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, wh2014-02-06

📋Vendor Advisories

3
Ubuntu
OpenStack Nova vulnerabilities2014-06-17
Red Hat
nova: Live migration can leak root disk into ephemeral storage2014-01-23
Debian
CVE-2013-7130: nova - The i_create_images_and_backing (aka create_images_and_backing) method in libvir...2013

💬Community

3
Bugzilla
CVE-2013-7130 openstack-nova: OpenStack nova: Live migration can leak root disk into ephemeral storage [epel-6]2014-01-23
Bugzilla
CVE-2013-7130 openstack-nova: OpenStack nova: Live migration can leak root disk into ephemeral storage [fedora-all]2014-01-23
Bugzilla
CVE-2013-7130 OpenStack nova: Live migration can leak root disk into ephemeral storage2014-01-20
CVE-2013-7130 — Sensitive Information Exposure in Nova | cvebase