PT-2011-5002 · Openstack · Openstack Nova
David Black
·
Published
2011-12-23
·
Updated
2022-05-14
·
CVE-2011-4596
CVSS v2.0
6.0
Medium
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenStack Nova versions prior to 2011.3.1
Description
The issue allows remote authenticated users to overwrite arbitrary files via a crafted tarball or manifest when the EC2 API and the S3/RegisterImage image-registration method are enabled.
Recommendations
For versions prior to 2011.3.1, update to version 2011.3.1 or later to resolve the issue.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openstack Nova