Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2024-32498
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
| Software | From | Fixed in |
|---|---|---|
| openstack / nova | 29.0.0 | 29.0.3 |
| openstack / nova | 28.0.0 | 28.1.1 |
| openstack / nova | - | 27.3.1 |
| openstack / glance | 28.0.0 | 28.0.2 |
| openstack / glance | 27.0.0 | 27.0.0.x |
| openstack / glance | - | 26.0.1 |
| openstack / cinder | 24.0.0 | 24.0.0.x |
| openstack / cinder | 23.0.0 | 23.1.1 |
| openstack / cinder | - | 22.1.3 |
cinder
|
- | 24.0.0.x |
|
glance
|
- | 28.0.1.x |
|
nova
|
- | 29.0.2.x |
- http://www.openwall.com/lists/oss-security/2024/07/02/2
- https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e
- https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
- https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9
- https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175
- https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973
- https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f
- https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df
- https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927
- https://launchpad.net/bugs/2059809
- https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
- https://security.openstack.org/ossa/OSSA-2024-001.html
- https://www.openwall.com/lists/oss-security/2024/07/02/2