CVE-2014-0134 — Vulnetix

CVE-2014-0134 PUBLISHED CVSS 3.5 LOW

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.

EPSS 0.20% · 42.2th percentile

Risk Scores

CVSS 2.0

3.5

EPSS Score

0.20%

42.2th percentile

Affected Products

Vendor	Product	Versions
PyPI	nova	0
n/a	n/a	n/a
openstack	compute	2013.2, 2013.2.1, 2013.2.2

Exploit Intelligence

https://bugs.launchpad.net/nova/+bug/1221190 (circl)
[oss-security] 20140327 [OSSA 2014-009] Nova host data leak to vm instance in rescue mode (CVE-2014-0134) (circl)
USN-2247-1 (circl)

Timeline

May 8, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

https://bugs.launchpad.net/nova/+bug/1221190 url
[oss-security] 20140327 [OSSA 2014-009] Nova host data leak to vm instance in rescue mode (CVE-2014-0134) mailing-list
USN-2247-1 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2014-0134 advisory
https://github.com/openstack/nova/commit/25e761acd56d4c820273fc0245ada06c500c1637 url
https://github.com/openstack/nova/commit/d416f4310bb946b4b127201ec3c37e530d988714 url
https://github.com/openstack/nova/commit/dc8de426066969a3f0624fdc2a7b29371a2d55bf url
https://github.com/openstack/nova package
https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2014-112.yaml url

Open in Interactive Console →