CVE-2014-0134

openstack-nova: Nova host data leak to vm instance in rescue mode

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.

El modo de rescate de instancia en OpenStack Compute (Nova) 2013.2 anterior a 2013.2.3 y Icehouse anterior a 2014.1, cuando utiliza libvirt para generar imagenes y use_cow_images está configurado a falso, permite a usuarios remotos autenticados leer ciertos archivos compute host mediante la sobrescritura de una instancia de disco con un imagen manipulado.

OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. It was found that overwriting the disk inside of an instance with a malicious image, and then switching the instance to rescue mode, could potentially allow an authenticated user to access arbitrary files on the compute host depending on the file permissions and SELinux constraints of those files. Only setups that used libvirt to spawn instances and which had the use of cow images disabled were affected.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-12-03 CVE Reserved
2014-05-08 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (5)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2014/03/27/6	Mailing List
https://bugs.launchpad.net/nova/+bug/1221190	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.ubuntu.com/usn/USN-2247-1	2014-06-21
https://access.redhat.com/security/cve/CVE-2014-0134	2014-05-29
https://bugzilla.redhat.com/show_bug.cgi?id=1078002	2014-05-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Compute Search vendor "Openstack" for product "Compute"				2013.2 Search vendor "Openstack" for product "Compute" and version "2013.2"		-		Affected
Openstack Search vendor "Openstack"		Compute Search vendor "Openstack" for product "Compute"				2013.2.1 Search vendor "Openstack" for product "Compute" and version "2013.2.1"		-		Affected
Openstack Search vendor "Openstack"		Compute Search vendor "Openstack" for product "Compute"				2013.2.2 Search vendor "Openstack" for product "Compute" and version "2013.2.2"		-		Affected