OSSA-2014-001: Nova live snapshots use an insecure local directory¶
January 13, 2014
Nova: Grizzly and later
Daniel Berrange from Red Hat reported that the directories used to temporarily store live snapshots on Nova compute nodes were writable to all local users. A local attacker with shell access on compute nodes could therefore read and modify the contents of live snapshots before those are uploaded to the image service.
Daniel Berrange from Red Hat (CVE-2013-7048)