Directory Traversal Vulnerability in OpenStack Compute by OpenStack
CVE-2012-3360

Currently unrated

Key Information:

Vendor: Openstack
Status: Essex; Folsom
Vendor: CVE Published:; 22 July 2012

Summary

A directory traversal vulnerability exists in OpenStack Compute (Nova) due to improper handling of path attributes in the virt/disk/api.py file. This flaw allows remote authenticated users to leverage specially crafted requests to write arbitrary files to the disk images utilized by libvirt-based hypervisors. By manipulating the file element's path attribute with traversal sequences, attackers can potentially compromise system integrity and manipulate files, posing risks to the overall security of the cloud environment.

References

http://www.securityfocus.com/bid/54277

vdb-entryx_refsource_BID

http://secunia.com/advisories/49763

third-party-advisoryx_refsource_SECUNIA

https://bugs.launchpad.net/nova/+bug/1015531

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 22, 2012
Vulnerability Reserved
Jun 14, 2012