Miggo Logo

CVE-2011-4596: OpenStack Nova Multiple directory traversal vulnerabilities

6

CVSS Score

Basic Information

EPSS Score
0.76017%
Published
5/14/2022
Updated
5/14/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
AV:N/AC:M/Au:S/C:P/I:P/A:P
Package NameEcosystemVulnerable VersionsFirst Patched Version
novapip< 12.0.0a012.0.0a0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from two key functions:

  1. _download_file used os.path.join(local_dir, filename) without sanitizing 'filename', allowing path traversal (fixed by adding os.path.basename()).
  2. _untarzip_image used tarfile.extractall() without validating tar entry names (fixed by adding _test_for_malicious_tarball check). Both issues are directly addressed in the patch and confirmed by CVE descriptions/bug reports (LP#885167, LP#894755).

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Multipl* *ir**tory tr*v*rs*l vuln*r**iliti*s in Op*nSt**k Nov* ***or* ****.*.*, w**n t** *** *PI *n* t** S*/R**ist*rIm*** im***-r**istr*tion m*t*o* *r* *n**l**, *llow r*mot* *ut**nti**t** us*rs to ov*rwrit* *r*itr*ry *il*s vi* * *r**t** (*) t*r**ll o

Reasoning

T** vuln*r**ility st*ms *rom two k*y *un*tions: *. _*ownlo**_*il* us** os.p*t*.join(lo**l_*ir, *il*n*m*) wit*out s*nitizin* '*il*n*m*', *llowin* p*t* tr*v*rs*l (*ix** *y ***in* os.p*t*.**s*n*m*()). *. _unt*rzip_im*** us** t*r*il*.*xtr**t*ll() wit*o