← Voltar para CVEs
CVE-2024-32498
MEDIUM6.5
Descricao
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
Detalhes CVE
Pontuacao CVSS v3.16.5
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado7/5/2024
Ultima modificacao11/4/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
openstack:cinderopenstack:glanceopenstack:nova
Fraquezas (CWE)
CWE-552
Referencias
http://www.openwall.com/lists/oss-security/2024/07/02/2(cve@mitre.org)
https://launchpad.net/bugs/2059809(cve@mitre.org)
https://security.openstack.org/ossa/OSSA-2024-001.html(cve@mitre.org)
https://www.openwall.com/lists/oss-security/2024/07/02/2(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2024/07/02/2(af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.net/bugs/2059809(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2024/07/02/2(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.