Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1xcjYyLXI5eGMtcjJnas4AAU0x

Moderate EPSS: 0.01002% (0.75725 Percentile) EPSS:
Permalink JSON

OpenStack Nova Multiple directory traversal vulnerabilities

Affected Packages Affected Versions Fixed Versions
pypi:nova < 12.0.0a0 12.0.0a0
0 Dependent packages
40 Dependent repositories
3,743 Downloads last month

Affected Version Ranges

All affected versions

All unaffected versions

15.1.5, 16.1.6, 16.1.7, 16.1.8, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 17.0.12, 17.0.13, 18.0.2, 18.0.3, 18.1.0, 18.2.0, 18.2.1, 18.2.2, 18.2.3, 18.3.0, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.2.0, 19.3.0, 19.3.1, 19.3.2, 20.0.0, 20.0.1, 20.1.0, 20.1.1, 20.2.0, 20.3.0, 20.4.0, 20.4.1, 20.5.0, 20.6.0, 20.6.1, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 21.2.0, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 22.0.0, 22.0.1, 22.1.0, 22.2.0, 22.2.1, 22.2.2, 22.3.0, 22.4.0, 23.0.0, 23.0.1, 23.0.2, 23.1.0, 23.2.0, 23.2.1, 23.2.2, 24.0.0, 24.1.0, 24.1.1, 24.2.0, 24.2.1, 25.0.0, 25.0.1, 25.1.0, 25.1.1, 25.2.0, 25.2.1, 25.3.0, 26.0.0, 26.1.0, 26.1.1, 26.2.0, 26.2.1, 26.2.2, 26.3.0, 27.0.0, 27.1.0, 27.2.0, 27.3.0, 27.4.0, 27.5.0, 27.5.1, 28.0.0, 28.0.1, 28.1.0, 28.2.0, 28.3.0, 28.3.1, 29.0.0, 29.0.1, 29.0.2, 29.1.0, 29.2.0, 29.2.1, 30.0.0, 31.0.0

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.

References:

Identifiers

GHSA-qr62-r9xc-r2gj

CVE-2011-4596

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.01002

EPSS Percentile: 0.75725

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/openstack/nova

Date and time

Published

about 3 years ago

Updated

about 1 year ago

API

JSON