Vulnerability Name: CVE-2013-7130 (CCN-90652)
Assigned: 2013-12-17
Published: 2014-01-24
Updated: 2017-08-29
Summary: The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
CVSS v3 Severity: 5.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)
CVSS v2 Severity: 7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N); 5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C); 5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:
- Source: MITRE Type: CNA CVE-2013-7130
- Source: FEDORA Type: UNKNOWN FEDORA-2014-1463
- Source: FEDORA Type: UNKNOWN FEDORA-2014-1516
- Source: OSVDB Type: UNKNOWN 102416
- Source: REDHAT Type: UNKNOWN RHSA-2014:0231
- Source: CCN Type: oss-sec Mailing List, Fri, 24 Jan 2014 02:38:24 +1000 [OSSA 2014-003] Live migration can leak root disk into ephemeral storage (CVE-2013-7130)
- Source: SECUNIA Type: Vendor Advisory 56450
- Source: CCN Type: OpenStack Compute Web Site OpenStack Compute
- Source: MLIST Type: UNKNOWN [oss-security] 20140124 [OSSA 2014-003] Live migration can leak root disk into ephemeral storage (CVE-2013-7130)
- Source: BID Type: UNKNOWN 65106
- Source: CCN Type: BID-65106 OpenStack Compute (Nova) CVE-2013-7130 Information Disclosure Vulnerability
- Source: UBUNTU Type: UNKNOWN USN-2247-1
- Source: CCN Type: Launchpad Bug #1251590 Live migration can leak root disk into ephemeral storage (CVE-2013-7130)
- Source: MISC Type: UNKNOWN https://bugs.launchpad.net/nova/+bug/1251590
- Source: XF Type: UNKNOWN openstack-cve20137130-info-disc(90652)
- Source: CONFIRM Type: Patch https://review.openstack.org/#/c/68658/
- Source: CONFIRM Type: UNKNOWN https://review.openstack.org/#/c/68659/
- Source: CONFIRM Type: Patch https://review.openstack.org/#/c/68660/
- Source: CCN Type: WhiteSource Vulnerability Database CVE-2013-7130
Vulnerable Configuration: Configuration 1: