CVE-2016-2140

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenStack Compute (Nova) versions prior to 2015.1.4 (kilo) OpenStack Compute (Nova) versions 12.0.x prior to 12.0.3 (liberty)

Description The issue allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk when using raw storage and the use cow images option is set to false.

Recommendations For OpenStack Compute (Nova) versions prior to 2015.1.4 (kilo), update to version 2015.1.4 or later. For OpenStack Compute (Nova) versions 12.0.x prior to 12.0.3 (liberty), update to version 12.0.3 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2016-2140

GHSA-49JV-37HM-6GFP

RHSA-2016:0363

RHSA-2016:0364

RHSA-2016:0365

RHSA-2016:0366

SUSE-SU-2016:2143-1

USN-3449-1

Affected Products

Openstack Compute

Ubuntu

CVE-2016-2140

Weakness Enumeration

Related Identifiers

Affected Products

References · 44