Vulnerability Description
Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Nova | >= 2011.3, < 2011.3.1 |
Related Weaknesses (CWE)
References
- https://bugs.launchpad.net/nova/+bug/885167Third Party Advisory
- https://bugs.launchpad.net/nova/+bug/894755Third Party Advisory
- https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9eThird Party Advisory
- https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667Third Party Advisory
- https://lists.launchpad.net/openstack/msg06105.htmlThird Party Advisory
- https://bugs.launchpad.net/nova/+bug/885167Third Party Advisory
- https://bugs.launchpad.net/nova/+bug/894755Third Party Advisory
- https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9eThird Party Advisory
- https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667Third Party Advisory
- https://lists.launchpad.net/openstack/msg06105.htmlThird Party Advisory
FAQ
What is CVE-2011-4596?
CVE-2011-4596 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to ove...
How severe is CVE-2011-4596?
CVE-2011-4596 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4596?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Nova.