
CVE-2014-0134: OpenStack Nova host data leak to vm instance in rescue mode

CVSS Score: 3.1

Basic Information

EPSS Score: 0.42645%
Published: 5/17/2022
Updated: 11/26/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Package Name: nova
Ecosystem: pip
Vulnerable Versions: < 12.0.0a0
First Patched Version: 12.0.0a0

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stemmed from Nova's reliance on 'qemu-img info' to autodetect disk formats during rescue mode. The unpatched correct_format method in the Raw backend (and implicit assumptions in Qcow2 initialization) allowed attackers to spoof the format via crafted images. The fix introduced disk.info to store the format persistently, replacing unsafe autodetection. The functions handling format detection before this persistence mechanism were the root cause.
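
The difference between autodetecting a format from disk content and reading it from a host-written record, as an added example that is not Nova's own code. The function names are hypothetical, the JSON layout of disk.info (disk path mapped to format) is an assumption, and sniff_format only checks the qcow2 magic bytes as a stand-in for 'qemu-img info'.

```python
import json
import os
import tempfile

QCOW2_MAGIC = b"QFI\xfb"  # first four bytes of every qcow2 image


def sniff_format(path):
    """Content-based guess, standing in for 'qemu-img info' autodetection."""
    with open(path, "rb") as fh:
        return "qcow2" if fh.read(4) == QCOW2_MAGIC else "raw"


def resolve_format(path, info_path):
    """Return the format recorded at creation time; never trust disk content."""
    with open(info_path) as fh:
        recorded = json.load(fh)  # assumed layout: {disk path: format}
    if path not in recorded:
        raise LookupError("no recorded format for %s; refusing to autodetect" % path)
    return recorded[path]


def audit(path, info_path):
    """Flag a disk whose guest-writable content disagrees with the record."""
    recorded = resolve_format(path, info_path)
    sniffed = sniff_format(path)
    return {"recorded": recorded, "sniffed": sniffed,
            "mismatch": recorded != sniffed}


def demo():
    """Constructed sample: a raw disk whose first bytes look like qcow2."""
    with tempfile.TemporaryDirectory() as workdir:
        disk = os.path.join(workdir, "disk")
        info = os.path.join(workdir, "disk.info")
        with open(disk, "wb") as fh:
            fh.write(QCOW2_MAGIC + b"\x00" * 508)  # guest-controlled bytes
        with open(info, "w") as fh:
            json.dump({disk: "raw"}, fh)  # written by the host at creation
        return audit(disk, info)


if __name__ == "__main__":
    print(demo())
```

A mismatch means the content-based guess and the host's record disagree; the recorded value is the one to pass to the hypervisor, and the disagreement is worth logging.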
