QwikSec

Security Database

CVE

CWE

Training

CVE-2012-3360

Published: Jul 22, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

https://bugs.launchpad.net/nova/+bug/1015531

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)

mailing-list

x_refsource_MLIST

FEDORA-2012-10420

vendor-advisory

x_refsource_FEDORA

https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7

x_refsource_CONFIRM

https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.