Name of the Vulnerable Software and Affected Versions OpenStack Compute (Nova) versions 2012.1 through 2012.2

Description A directory traversal issue exists when OpenStack Compute (Nova) is used over libvirt-based hypervisors. This allows remote authenticated users to write arbitrary files to the disk image by including a .. (dot dot) in the path attribute of a file element.

Recommendations For versions 2012.1 and 2012.2, consider restricting access to the virt/disk/api.py module to minimize the risk of exploitation until a patch is available.