Description
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allows remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4
Attack Vector: Network
Complexity: High
Privileges: Low
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: None
Availability: None
Affected Packages (2 packages)
Debian: nova < 2:13.0.0~rc3-1+3
Vulnerability Details (3)
GHSA: GHSA-6q7v-7634-xrvf: OpenStack Compute (Nova) before 2015 (2022-05-14)
OSV: CVE-2015-7548: OpenStack Compute (Nova) before 2015 (2016-01-12)
CVEList: CVE-2015-7548: OpenStack Compute (Nova) before 2015 (2016-01-12)
Vendor Advisories (3)
Ubuntu: OpenStack Nova vulnerabilities (2017-10-11)
Red Hat: openstack-nova: Unprivileged API user can access host data using instance snapshot (2016-01-07)
Debian: CVE-2015-7548: nova - OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (libert... (2015)
Community (2)
Bugzilla: CVE-2015-7548 openstack-nova: Unprivileged API user can access host data using instance snapshot [fedora-all] (2016-01-07)
Bugzilla: CVE-2015-7548 openstack-nova: Unprivileged API user can access host data using instance snapshot (2015-12-10)