Miggo Logo

CVE-2013-7048: OpenStack Nova live snapshots use an insecure local directory

3.3

CVSS Score

Basic Information

EPSS Score
0.17201%
CWE
-
Published
5/14/2022
Updated
5/14/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
AV:L/AC:M/Au:N/C:P/I:P/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
novapip< 12.0.0a012.0.0a0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the insecure 777 permissions set on the temporary directory during live snapshots. The commit diff shows the vulnerable code in 'nova/virt/libvirt/driver.py' where 'chmod 777' was called via utils.execute. This function is directly responsible for configuring the directory permissions, and the patch replaces it with a secure alternative (0o701). The explicit use of 777 permissions in the original code matches the vulnerability description, making this function the clear root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Op*nSt**k *omput* (Nov*) *rizzly ****.*.*, **v*n* ****.*.*, *n* **rli*r us*s worl*-writ**l* *n* worl*-r*****l* p*rmissions *or t** t*mpor*ry *ir**tory us** to stor* liv* sn*ps*ots, w*i** *llows lo**l us*rs to r*** *n* mo*i*y liv* sn*ps*ots.

Reasoning

T** vuln*r**ility st*ms *rom t** ins**ur* *** p*rmissions s*t on t** t*mpor*ry *ir**tory *urin* liv* sn*ps*ots. T** *ommit *i** s*ows t** vuln*r**l* *o** in `'nov*/virt/li*virt/*riv*r.py'` w**r* `'**mo* ***'` w*s **ll** vi* `utils.*x**ut*`. T*is *un*