CVE-2013-7048 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2013-7048?

CVE-2013-7048 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-7048?

Check the references section above for vendor advisories and patch information. Affected products include: Openstack Nova.

Vulnerability Description

OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.

CVSS Score

3.3

LOW

AV:L/AC:M/Au:N/C:P/I:P/A:N

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Openstack	Nova	>= 2013.1, <= 2013.1.4

Related Weaknesses (CWE)

CWE-264

References

http://rhn.redhat.com/errata/RHSA-2014-0231.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2014/01/13/2Mailing ListThird Party Advisory
https://bugs.launchpad.net/nova/+bug/1227027ExploitPatchThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0231.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2014/01/13/2Mailing ListThird Party Advisory
https://bugs.launchpad.net/nova/+bug/1227027ExploitPatchThird Party Advisory

FAQ

What is CVE-2013-7048?

CVE-2013-7048 is a vulnerability with a CVSS score of 3.3 (LOW). OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local ...

How severe is CVE-2013-7048?

CVE-2013-7048 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-7048?

Check the references section above for vendor advisories and patch information. Affected products include: Openstack Nova.