CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-3361

virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.4%

CVSS Severity

CVSS v2 Score 5.5

References

http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html
http://secunia.com/advisories/49763
http://secunia.com/advisories/49802
http://www.securityfocus.com/bid/54278
http://www.ubuntu.com/usn/USN-1497-1
https://bugs.launchpad.net/nova/+bug/1015531
https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7
https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9
https://lists.launchpad.net/openstack/msg14089.html
https://review.openstack.org/#/c/9268/
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html
http://secunia.com/advisories/49763
http://secunia.com/advisories/49802
http://www.securityfocus.com/bid/54278
http://www.ubuntu.com/usn/USN-1497-1
https://bugs.launchpad.net/nova/+bug/1015531
https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7
https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9
https://lists.launchpad.net/openstack/msg14089.html
https://review.openstack.org/#/c/9268/

Products affected by CVE-2012-3361

Openstack » Diablo » Version: 2011.3

cpe:2.3:a:openstack:diablo:2011.3
Openstack » Essex » Version: 2012.1

cpe:2.3:a:openstack:essex:2012.1
Openstack » Folsom » Version: 2012.2

cpe:2.3:a:openstack:folsom:2012.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-3361

Products

Pricing

Contact Us