{
  "modified": "2025-08-09T19:01:28Z",
  "published": "2012-07-22T16:55:45Z",
  "id": "CVE-2012-3360",
  "details": "Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/49763"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/49802"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.ubuntu.com/usn/USN-1497-1"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"
    },
    {
      "type": "FIX",
      "url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7"
    },
    {
      "type": "FIX",
      "url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/54277"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/nova/+bug/1015531"
    },
    {
      "type": "WEB",
      "url": "https://lists.launchpad.net/openstack/msg14089.html"
    }
  ]
}