CVE-2013-7130: Infoleak
First published: Thu Feb 06 2014(Updated: )
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/nova | <12.0.0a0 | 12.0.0a0 |
| OpenStack Compute (Nova) | =2012.2 | |
| OpenStack Compute (Nova) | =2013.1 | |
| OpenStack Compute (Nova) | =2013.1.1 | |
| OpenStack Compute (Nova) | =2013.1.2 | |
| OpenStack Compute (Nova) | =2013.1.3 | |
| OpenStack Grizzly | ||
| OpenStack Havana | ||
| OpenStack Icehouse |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html
- http://osvdb.org/102416
- http://rhn.redhat.com/errata/RHSA-2014-0231.html
- http://secunia.com/advisories/56450
- http://www.openwall.com/lists/oss-security/2014/01/23/5
- http://www.securityfocus.com/bid/65106
- http://www.ubuntu.com/usn/USN-2247-1
- https://bugs.launchpad.net/nova/+bug/1251590
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90652
- https://review.openstack.org/#/c/68658/
- https://review.openstack.org/#/c/68659/
- https://review.openstack.org/#/c/68660/
- https://nvd.nist.gov/vuln/detail/CVE-2013-7130
- https://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9
- https://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1
- https://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3
- https://review.openstack.org/#/c/68658
- https://review.openstack.org/#/c/68659
- https://review.openstack.org/#/c/68660
- https://github.com/advisories/GHSA-99rx-9x8v-9j8p (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-111.yaml
Frequently Asked Questions
What is the severity of CVE-2013-7130?
CVE-2013-7130 is considered a medium severity vulnerability.
How do I fix CVE-2013-7130?
To fix CVE-2013-7130, upgrade the OpenStack Compute (Nova) package to version 12.0.0a0 or later.
Which versions of OpenStack are affected by CVE-2013-7130?
CVE-2013-7130 affects OpenStack Compute versions Grizzly, Havana, and Icehouse.
What is the potential impact of CVE-2013-7130?
The potential impact of CVE-2013-7130 is that attackers may gain access to snapshot root disk contents of other users.
What component is primarily affected by CVE-2013-7130?
CVE-2013-7130 primarily affects the libvirt driver in OpenStack Compute.
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/weakness
- agent/description
- agent/event
- agent/references
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-99rx-9x8v-9j8p
- alias/CVE-2013-7130
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- collector/github-advisory
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- package-manager/pip
- vendor/openstack
- canonical/openstack compute (nova)
- version/openstack compute (nova)/2012.2
- version/openstack compute (nova)/2013.1
- version/openstack compute (nova)/2013.1.1
- version/openstack compute (nova)/2013.1.2
- version/openstack compute (nova)/2013.1.3
- canonical/openstack grizzly
- canonical/openstack havana
- canonical/openstack icehouse