CVE-2013-7048: OpenStack Nova live snapshots use an insecure local directory
3.3
CVSS Score
Basic Information
CVE ID
GHSA ID
EPSS Score
0.17201%
CWE
-
Published
5/14/2022
Updated
5/14/2024
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
AV:L/AC:M/Au:N/C:P/I:P/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
nova | pip | < 12.0.0a0 | 12.0.0a0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from the insecure 777 permissions set on the temporary directory during live snapshots. The commit diff shows the vulnerable code in 'nova/virt/libvirt/driver.py'
where 'chmod 777'
was called via utils.execute
. This function is directly responsible for configuring the directory permissions, and the patch replaces it with a secure alternative (0o701). The explicit use of 777 permissions in the original code matches the vulnerability description, making this function the clear root cause.