CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
18.3%
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file’s contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e
github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9
github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175
github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973
github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f
github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df
github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927
launchpad.net/bugs/2059809
nvd.nist.gov/vuln/detail/CVE-2024-32498
www.openwall.com/lists/oss-security/2024/07/02/2
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
18.3%