Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.5
CVSSv2

CVE-2014-0134

Published: 08/05/2014 Updated: 21/06/2014
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Subscribe to Compute

Vulnerability Summary

The instance rescue mode in OpenStack Compute (Nova) 2013.2 prior to 2013.2.3 and Icehouse prior to 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openstack compute 2013.2

openstack compute 2013.2.1

openstack compute 2013.2.2

Vendor Advisories

Ubuntu Security Notice: nova vulnerabilities
Several security issues were fixed in OpenStack Nova ...
Debian CVElist Bug Report Logs: CVE-2014-0134: Nova host data leak to vm instance in rescue mode
Debian Bug report logs - #742712 CVE-2014-0134: Nova host data leak to vm instance in rescue mode Package: src:nova; Maintainer for src:nova is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Thomas Goirand <zigo@debianorg> Date: Wed, 26 Mar 2014 15:30:01 UTC Severity: important Tags: security Fo ...
Debian CVElist Bug Report Logs: CVE-2014-0167: RBAC policy not properly enforced in Nova EC2 API
Debian Bug report logs - #744051 CVE-2014-0167: RBAC policy not properly enforced in Nova EC2 API Package: src:nova; Maintainer for src:nova is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Thomas Goirand <zigo@debianorg> Date: Wed, 9 Apr 2014 16:03:01 UTC Severity: important Tags: security, up ...

References

CWE-200http://www.openwall.com/lists/oss-security/2014/03/27/6https://bugs.launchpad.net/nova/+bug/1221190http://www.ubuntu.com/usn/USN-2247-1https://usn.ubuntu.com/2247-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmwareCVE-2023-52866CVE-2024-4367CVE-2024-1721CVE-2023-34992XML injectionCVE-2023-52817SQLCVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook