Skip to content

OpenStack Nova Directory traversal vulnerability

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Nov 22, 2024

Package

pip nova (pip)

Affected versions

< 12.0.0a0

Patched versions

12.0.0a0

Description

Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.

References

Published by the National Vulnerability Database Jul 22, 2012
Published to the GitHub Advisory Database May 17, 2022
Reviewed May 14, 2024
Last updated Nov 22, 2024

Severity

Moderate

EPSS score

0.441%
(76th percentile)

Weaknesses

CVE ID

CVE-2012-3360

GHSA ID

GHSA-m454-cm7h-rqhh

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.