Описание
A flaw was found in how the OpenStack Compute (nova) service handles the qemu-img functionality during a snapshot upload. An authenticated attacker could possibly use this flaw to trick Compute into disclosing any file to which the Compute service user has access. However, it is unlikely that the code path can currently be exploited by an attacker.
Отчет
Red Hat Product Security has rated this issue as having Low security impact in all supported versions of Red Hat Enterprise Linux OpenStack Platform. While this issue is present, we do not believe the code path is currently reachable in an attacker exploitable fashion. A future update may address this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | openstack-nova | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | openstack-nova | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | openstack-nova | Will not fix |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS2
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none.
5.5 Medium
CVSS2