Information disclosure in Openstack Compute

CVE-2014-0134

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host f…

Vulnerability class: Information Disclosure

EPSS: 0.002 (42.2th percentile) — read the EPSS interpretation.

Affected products

Openstack Compute — versions 2013.2, 2013.2.1, 2013.2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

secalert@redhat.com (x_refsource_CONFIRM)
[oss-security] 20140327 [OSSA 2014-009] Nova host data leak to vm instance in rescue mode (CVE-2014-0134) (mailing-list, x_refsource_MLIST)
USN-2247-1 (x_refsource_UBUNTU, vendor-advisory)