{"id":"PYSEC-2026-873","summary":"OpenStack Nova live snapshots use an insecure local directory","details":"OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.","aliases":["CVE-2013-7048","GHSA-grp5-h379-j75x"],"modified":"2026-07-07T11:45:48.204862718Z","published":"2026-07-06T08:03:22.216759Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7048"},{"type":"WEB","url":"https://github.com/openstack/nova/commit/75be5abd6b3fa0f7f27fe9c805f832cd41d44a5d"},{"type":"WEB","url":"https://github.com/openstack/nova/commit/8a34fc3d48c467aa196f65eed444ccdc7c02f19f"},{"type":"WEB","url":"https://github.com/openstack/nova/commit/9bd7fff8c0160057643cfc37c5e2b1cd3337d6aa"},{"type":"WEB","url":"https://bugs.launchpad.net/nova/+bug/1227027"},{"type":"PACKAGE","url":"https://github.com/openstack/nova"},{"type":"WEB","url":"http://rhn.redhat.com/errata/RHSA-2014-0231.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2014/01/13/2"},{"type":"PACKAGE","url":"https://pypi.org/project/nova"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-grp5-h379-j75x"}],"affected":[{"package":{"name":"nova","ecosystem":"PyPI","purl":"pkg:pypi/nova"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"12.0.0a0"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/nova/PYSEC-2026-873.yaml"}}],"schema_version":"1.7.5"}