CVE-2012-3360 (retired)

Priority
Description
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute
(Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based
hypervisors, allows remote authenticated users to write arbitrary files to
the disk image via a .. (dot dot) in the path attribute of a file element.
Notes
 tyhicks> Per OpenStack Vuln Mgmt Team, only Essex and later are affected
Assigned-to
sbeattie
Package
Source: nova (LP Ubuntu Debian)
Upstream:released (2012.2~f2)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (2012.2~f2-0ubuntu1)
More Information

Updated: 2019-03-26 12:02:48 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)