Home > Vulnerability Database > CVE-2013-7130

Mend.io Vulnerability Database

CVE-2013-7130

Date: February 6, 2014

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

Severity Score

3.1

Related Resources (22)

Url: https://github.com/openstack/nova/commit/b0d36683fe064b32cbef013e1c0c46bd018ab9a1

Url: https://review.openstack.org/#/c/68658

Url: https://review.openstack.org/#/c/68660/

Url: https://review.openstack.org/#/c/68659

Url: http://rhn.redhat.com/errata/RHSA-2014-0231.html

Url: http://secunia.com/advisories/56450

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/90652

Url: https://review.openstack.org/#/c/68659/

Url: http://osvdb.org/102416

Url: https://review.openstack.org/#/c/68660

Url: https://review.openstack.org/#/c/68658/

Url: http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127732.html

Url: http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127735.html

Url: https://github.com/openstack/nova/commit/15ee7e17f63f5583307a546ecf28952c364c88f9

Url: https://bugs.launchpad.net/nova/+bug/1251590

Url: http://www.openwall.com/lists/oss-security/2014/01/23/5

Url: https://github.com/openstack/nova

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-7130

Url: http://www.ubuntu.com/usn/USN-2247-1

Url: http://www.securityfocus.com/bid/65106

Url: https://github.com/openstack/nova/commit/cbeb5e51886b0296349fc476305bfe3d63c627c3

Url: https://www.mend.io/vulnerability-database/CVE-2013-7130

Severity Score

3.1

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	7.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-7130

Date: February 6, 2014

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?