Openstack nova qcow format could expose host filesystem information

CVE-2011-3147 → View on GitHub ↗ View on CVE.org ↗ View on NVD ↗

Description

Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.

Basic information

Type: reviewed
Severity: low
Advisory on GitHub: Open advisory ↗
Repository advisory: —
Source code: Not specified
Published (advisory): 2022-04-22 00:24:07 UTC
Updated: 2024-05-09 15:59:28 UTC
GitHub reviewed: 2024-05-09 15:59:26 UTC
NVD published: 2019-04-22

EPSS Score

Score	Percentile
0.18%	40.12%

CVSS Scores

Base score	Version	Severity	Vector
2.8	3.0	—	`CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:C) Breaking this can reach past the original component and bite other resources—bigger blast radius. Confidentiality (C:L) Some sensitive info could get out, but not a total data dump. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.

Identifiers

Type	Value
GHSA	GHSA-hqfx-4x4w-vmwp ↗
CVE	CVE-2011-3147 ↗

CWEs

CWE id	Name
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem	Package	Vulnerable range	First patched	Vulnerable functions
pip	nova	< 12.0.0a0	12.0.0a0	—

References

cvelogic Threat Intelligence