CVE-2024-32498
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
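A defensive pre-check for the condition described above, as an added example that is not code from OpenStack or from this advisory: it reads only the QCOW2 header and reports whether the image declares an external data file, so an upload can be refused before it reaches conversion. The function names and sample headers are constructed for illustration; the field offsets, the incompatible-feature bit and the extension type are assumed from the published QCOW2 format specification.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
INCOMPAT_EXTERNAL_DATA = 1 << 2   # incompatible-features bit 2: external data file
EXT_DATA_FILE_NAME = 0x44415441   # header extension type: external data file name

def inspect_qcow2_header(buf: bytes) -> dict:
    """Report whether a QCOW2 header declares an external data file."""
    if len(buf) < 72 or buf[:4] != QCOW2_MAGIC:
        raise ValueError("not a QCOW2 image")
    (version,) = struct.unpack_from(">I", buf, 4)
    result = {"version": version, "external_data_bit": False, "data_file_ext": False}
    if version < 3:               # v2 headers carry no feature bits or extensions here
        return result
    if len(buf) < 104:
        raise ValueError("truncated QCOW2 v3 header")
    (incompat,) = struct.unpack_from(">Q", buf, 72)
    (header_len,) = struct.unpack_from(">I", buf, 100)
    result["external_data_bit"] = bool(incompat & INCOMPAT_EXTERNAL_DATA)
    pos = (header_len + 7) & ~7   # extensions start 8-byte aligned after the header
    while pos + 8 <= len(buf):
        ext_type, ext_len = struct.unpack_from(">II", buf, pos)
        if ext_type == 0:         # end-of-extensions marker
            break
        if ext_type == EXT_DATA_FILE_NAME:
            result["data_file_ext"] = True
        pos += 8 + ((ext_len + 7) & ~7)
    return result

def references_external_data(buf: bytes) -> bool:
    """True if either indicator is present; treat such uploads as rejectable."""
    info = inspect_qcow2_header(buf)
    return info["external_data_bit"] or info["data_file_ext"]

def sample_header(incompat: int, ext: bytes = b"") -> bytes:
    """Constructed 104-byte v3 header for testing; not a usable disk image."""
    hdr = bytearray(104)
    hdr[:4] = QCOW2_MAGIC
    struct.pack_into(">I", hdr, 4, 3)         # version 3
    struct.pack_into(">Q", hdr, 72, incompat)
    struct.pack_into(">I", hdr, 100, 104)     # header_length
    return bytes(hdr) + ext + bytes(8)        # extensions, then end marker

# Constructed sample inputs (placeholder file name, not taken from any real image).
CLEAN = sample_header(0)
DATA_EXT = struct.pack(">II", EXT_DATA_FILE_NAME, 8) + b"data.raw"
FLAGGED = sample_header(INCOMPAT_EXTERNAL_DATA, DATA_EXT)

if __name__ == "__main__":
    print("clean:", references_external_data(CLEAN))
    print("flagged:", references_external_data(FLAGGED))
```

A header check like this only narrows what reaches the conversion step; running the fixed releases named in the description remains the remedy.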
Affected products
n/a · n/a
References
https://launchpad.net/bugs/2059809
https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
https://security.openstack.org/ossa/OSSA-2024-001.html
https://www.openwall.com/lists/oss-security/2024/07/02/2
http://www.openwall.com/lists/oss-security/2024/07/02/2