Directory Traversal Vulnerability in OpenStack Compute by OpenStack
CVE-2012-3360

Currently unrated

Key Information:

Vendor
Openstack
Status
Essex
Folsom
Vendor
CVE Published:
22 July 2012

Summary

A directory traversal vulnerability exists in OpenStack Compute (Nova) due to improper handling of path attributes in the virt/disk/api.py file. This flaw allows remote authenticated users to leverage specially crafted requests to write arbitrary files to the disk images utilized by libvirt-based hypervisors. By manipulating the file element's path attribute with traversal sequences, attackers can potentially compromise system integrity and manipulate files, posing risks to the overall security of the cloud environment.

References

http://www.securityfocus.com/bid/54277
vdb-entryx_refsource_BID
http://secunia.com/advisories/49763
third-party-advisoryx_refsource_SECUNIA
https://bugs.launchpad.net/nova/+bug/1015531
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.