CVE 2013-7048
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.
Related bugs and status
CVE-2013-7048 (Candidate) is related to these bugs:
Bug #1227027: [OSSA 2014-001] Insecure directory permissions with snapshot code (CVE-2013-7048)
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1227027 | [OSSA 2014-001] Insecure directory permissions with snapshot code (CVE-2013-7048) | OpenStack Compute (nova) | High | Fix Released | ||
1227027 | [OSSA 2014-001] Insecure directory permissions with snapshot code (CVE-2013-7048) | OpenStack Security Advisory | Medium | Fix Released | ||
1227027 | [OSSA 2014-001] Insecure directory permissions with snapshot code (CVE-2013-7048) | OpenStack Compute (nova) grizzly | High | Fix Released | ||
1227027 | [OSSA 2014-001] Insecure directory permissions with snapshot code (CVE-2013-7048) | OpenStack Compute (nova) havana | High | Fix Released |
Bug #1284643: [SRU] Meta bug for tracking Openstack 2013.2.2
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | nova (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | Ubuntu Cloud Archive | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | neutron (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | horizon (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | keystone (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | cinder (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | glance (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | cinder (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | glance (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | heat (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | horizon (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | keystone (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | neutron (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | nova (Ubuntu Saucy) | Undecided | Fix Released | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | ceilometer (Ubuntu) | Undecided | Invalid | ||
1284643 | [SRU] Meta bug for tracking Openstack 2013.2.2 | ceilometer (Ubuntu Saucy) | Undecided | Fix Released |
See the
CVE page on Mitre.org
for more details.