OpenStack Nova host data leak to vm instance in rescue mode

Low severity • GitHub Reviewed • Published May 17, 2022 to the GitHub Advisory Database • Updated May 14, 2024

Package

nova (pip)

Affected versions

< 12.0.0a0

Patched versions

12.0.0a0

Description

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.

References

Published by the National Vulnerability Database May 8, 2014
Published to the GitHub Advisory Database May 17, 2022
Reviewed May 14, 2024
Last updated May 14, 2024

Severity

Low

EPSS score

0.138%
(50th percentile)

Weaknesses

CVE ID

CVE-2014-0134

GHSA ID

GHSA-w429-xc55-hc48
