Description
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.
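
A defender-side check for the mismatch described above, as an added example (not Nova's own code): it inspects the leading bytes of an image declared as raw and flags QCOW2 or VMDK content, including any backing or extent file it names. The function name, result fields, and sample inputs are constructed for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"                    # first 4 bytes of every QCOW2 image
VMDK_SPARSE_MAGIC = b"KDMV"                 # VMDK sparse extent header
VMDK_DESCRIPTOR = b"# Disk DescriptorFile"  # first line of a text VMDK descriptor
EXTENT_ACCESS = ("RW", "RDONLY", "NOACCESS")


def sniff_declared_raw(head: bytes) -> dict:
    """Check the leading bytes of an image whose declared disk format is 'raw'."""
    found = {"format": "raw", "external_ref": None, "reject": False}
    if head[:4] == QCOW2_MAGIC and len(head) >= 20:
        # Big-endian header: version u32, backing_file_offset u64, backing_file_size u32
        _version, offset, size = struct.unpack(">IQI", head[4:20])
        found["format"] = "qcow2"
        if offset and size:
            name = head[offset:offset + size]
            found["external_ref"] = name.decode("utf-8", "replace") or "(beyond sniffed bytes)"
    elif head[:4] == VMDK_SPARSE_MAGIC:
        found["format"] = "vmdk"
    elif head.lstrip().startswith(VMDK_DESCRIPTOR):
        found["format"] = "vmdk-descriptor"
        for line in head.decode("utf-8", "replace").splitlines():
            fields = line.split()
            if fields and fields[0] in EXTENT_ACCESS and line.count('"') >= 2:
                found["external_ref"] = line.split('"')[1]  # extent file name
                break
    # Anything that is not plain raw must never be handed on as "raw".
    found["reject"] = found["format"] != "raw"
    return found


# Constructed sample inputs (not taken from any real image).
SAMPLE_QCOW2 = struct.pack(">4sIQI", QCOW2_MAGIC, 3, 104, 8).ljust(104, b"\0") + b"base.img"
SAMPLE_VMDK = b'# Disk DescriptorFile\nversion=1\nRW 2048 FLAT "disk-flat.vmdk" 0\n'
SAMPLE_RAW = bytes(512)

if __name__ == "__main__":
    for label, blob in (("qcow2", SAMPLE_QCOW2), ("vmdk", SAMPLE_VMDK), ("raw", SAMPLE_RAW)):
        print(label, sniff_declared_raw(blob))
```

A check like this belongs at image upload or before any conversion step, so that a declared format is never trusted over the file's actual content.
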
| Release | Status | Note |
|---|---|---|
| devel | released | 3:29.1.0+git2024080716.bb2d7f9c-0ubuntu1 |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | released | 2:21.2.4-0ubuntu2.11 |
| esm-infra/xenial | needs-triage | |
| focal | released | 2:21.2.4-0ubuntu2.11 |
| jammy | released | 3:25.2.1-0ubuntu2.6 |
| noble | released | 3:29.0.1-0ubuntu1.4 |
| oracular | released | 3:29.1.0+git2024080716.bb2d7f9c-0ubuntu1 |
| plucky | released | 3:29.1.0+git2024080716.bb2d7f9c-0ubuntu1 |
| questing | released | 3:29.1.0+git2024080716.bb2d7f9c-0ubuntu1 |
CVSS3: 6.5 Medium
Related vulnerabilities
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data