Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1yd2hyLWg2OWctOHFtcc4AAfU3

OpenStack Nova Information leak in libvirt LVM-backed instances

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).

Permalink: https://github.com/advisories/GHSA-rwhr-h69g-8qmq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yd2hyLWg2OWctOHFtcc4AAfU3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 5 months ago

Identifiers: GHSA-rwhr-h69g-8qmq, CVE-2012-5625
References:

Repository: https://github.com/openstack/nova
Blast Radius: 0.0

Affected Packages

pypi:nova

Dependent packages: 0
Dependent repositories: 40
Downloads: 7,869 last month
Affected Version Ranges: < 12.0.0a0
Fixed in: 12.0.0a0
All affected versions:
All unaffected versions: 15.1.5, 16.1.6, 16.1.7, 16.1.8, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 17.0.12, 17.0.13, 18.0.2, 18.0.3, 18.1.0, 18.2.0, 18.2.1, 18.2.2, 18.2.3, 18.3.0, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.1.0, 19.2.0, 19.3.0, 19.3.1, 19.3.2, 20.0.0, 20.0.1, 20.1.0, 20.1.1, 20.2.0, 20.3.0, 20.4.0, 20.4.1, 20.5.0, 20.6.0, 20.6.1, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 21.2.0, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 22.0.0, 22.0.1, 22.1.0, 22.2.0, 22.2.1, 22.2.2, 22.3.0, 22.4.0, 23.0.0, 23.0.1, 23.0.2, 23.1.0, 23.2.0, 23.2.1, 23.2.2, 24.0.0, 24.1.0, 24.1.1, 24.2.0, 24.2.1, 25.0.0, 25.0.1, 25.1.0, 25.1.1, 25.2.0, 25.2.1, 25.3.0, 26.0.0, 26.1.0, 26.1.1, 26.2.0, 26.2.1, 26.2.2, 26.3.0, 27.0.0, 27.1.0, 27.2.0, 27.3.0, 27.4.0, 27.5.0, 28.0.0, 28.0.1, 28.1.0, 28.2.0, 28.3.0, 29.0.0, 29.0.1, 29.0.2, 29.1.0, 29.2.0, 30.0.0