ALT-PU-2016-3275-1

Package update openstack-nova in branch sisyphus

Version12.0.2-alt1

Published2016-03-28

Max severityMEDIUM

Severity:

Closed issues (3)

LOW3.5

OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.

Published: 2016-01-12Modified: 2025-04-12

CVSS 2.0LOW 2.1

CVSS:2.0/AV:N/AC:H/Au:S/C:P/I:N/A:N

CVSS 3.xLOW 3.5

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

References

MEDIUM5.9

The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.

Published: 2016-01-15Modified: 2025-04-12

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 5.9

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References

GHSA-c36r-g737-9qp8

MEDIUM5.9

OpenStack Nova Potential Xen connection password leak via StorageError

Published: 2022-05-14Modified: 2024-05-15

CVSS 3.xMEDIUM 5.9

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References