CVE-2015-7548

Published: 12 January 2016

OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.

Priority

Medium

CVSS 3 base score: 3.5

Status

Package Release Status
nova
Launchpad, Ubuntu, Debian
Upstream
Released (12.0.1)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(2:13.0.0-0ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:2014.1.5-0ubuntu1.7])