Vulnerabilities > Openstack > Nova > 2015.1.2

DATE CVE VULNERABILITY TITLE RISK
2016-04-12 CVE-2016-2140 Information Exposure vulnerability in Openstack Nova
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.
network
high complexity
openstack CWE-200
5.3
5.3
2016-01-15 CVE-2015-8749 Information Exposure vulnerability in Openstack Nova
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
network
high complexity
openstack CWE-200
5.9
5.9
2016-01-12 CVE-2015-7548 Information Exposure vulnerability in Openstack Nova
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
network
high complexity
openstack CWE-200
3.5
3.5