CVE-2016-2140

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-2140

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2140.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-2140

Aliases

GHSA-49jv-37hm-6gfp

Related

Published

2016-04-12T14:59:10Z

Modified

2024-10-11T11:40:58Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.

References

Affected packages

Debian:11 / nova

Package

Name: nova
Purl: pkg:deb/debian/nova?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:13.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nova

Package

Name: nova
Purl: pkg:deb/debian/nova?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:13.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nova

Package

Name: nova
Purl: pkg:deb/debian/nova?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:13.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/openstack/nova

Affected ranges

Type: GIT
Repo: https://github.com/openstack/nova
Events: Introduced

6df6ad3ff32f2b1fe2978df1032002548ad8eb66

Fixed

6fdf1c87b1149e8b395eaa9f4cbf27263cf96ac6