CVE-2015-7548
low-risk
Published 2016-01-12
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
Do I need to act?
-
0.17% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10
Low
NETWORK
/ HIGH complexity
Affected Products (1)
Nova
Affected Vendors
References (6)
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0018.html
Third Party Advisory
http://www.securityfocus.com/bid/80176
Vendor Advisory
https://security.openstack.org/ossa/OSSA-2016-001.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0018.html
Third Party Advisory
http://www.securityfocus.com/bid/80176
Vendor Advisory
https://security.openstack.org/ossa/OSSA-2016-001.html
18
/ 100
low-risk
Severity
12/34 · Low
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal