File Access Vulnerability in OpenStack Compute by Red Hat
CVE-2015-7548

3.5LOW

Key Information:

Vendor
Openstack
Status
Nova
Vendor
CVE Published:
12 January 2016

Summary

A vulnerability in OpenStack Compute (Nova) prior to version 2015.1.3 and 12.0.x before 12.0.1, when using libvirt for instance spawning with the use_cow_images option set to false, can allow remote authenticated users to overwrite instance disks with maliciously crafted images. This exploitation leads to unauthorized access, enabling attackers to retrieve arbitrary files from the affected instance. It is crucial for users to apply the necessary updates to safeguard their system against potential breaches.

References

http://www.securityfocus.com/bid/80176
vdb-entryx_refsource_BID
http://rhn.redhat.com/errata/RHSA-2016-0018.html
vendor-advisoryx_refsource_REDHAT
https://security.openstack.org/ossa/OSSA-2016-001.html
x_refsource_CONFIRM

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.