CVE-2012-3360

Priority
Description
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute
(Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based
hypervisors, allows remote authenticated users to write arbitrary files to
the disk image via a .. (dot dot) in the path attribute of a file element.
Notes
 tyhicks> Per OpenStack Vuln Mgmt Team, only Essex and later are affected
Assigned-to
sbeattie
Package
Source: nova (LP Ubuntu Debian)
Upstream:released (2012.2~f2)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (2012.2~f2-0ubuntu1)
More Information

Updated: 2018-10-31 21:06:06 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)