CVE-2013-7130
Last modified
CVE-2013-7130 is a vulnerability of currently unknown severity. The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.. EPSS estimates a 2.16% chance of exploitation in the next 30 days.
Description
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Compute | 2012.2 |
| Openstack | Compute | 2013.1 |
| Openstack | Compute | 2013.1.1 |
| Openstack | Compute | 2013.1.2 |
| Openstack | Compute | 2013.1.3 |
| Openstack | Grizzly | All versions |
| Openstack | Havana | All versions |
| Openstack | Icehouse | All versions |
References
- http://secunia.com/advisories/56450Vendor Advisory
- http://secunia.com/advisories/56450Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-7130?
How severe is CVE-2013-7130?
How do I fix CVE-2013-7130?
Are you affected by CVE-2013-7130?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST