7801 matches found
OpenStack Heat 信息泄露漏洞
OpenStack Heat is an OpenStack open source service. Composite cloud applications are orchestrated using a declarative template format via the OpenStack native REST API. A security vulnerability exists in OpenStack Heat that stems from the presence of sensitive information disclosure issues...
SUSE CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
GHSA-RM86-H44C-2R2M OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
CVE-2024-40767
CVE-2024-40767 affects OpenStack Nova: before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, where supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or a VMDK flat image with a descriptor file path can cause the server to return the contents of the refe...
CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
USN-6911-1: Nova vulnerability
Arnaud Morin discovered that Nova incorrectly handled certain raw format images. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...
UBUNTU-CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
PT-2024-29030 · Openstack +2 · Openstack Nova +2
Name of the Vulnerable Software and Affected Versions: OpenStack Nova versions prior to 29.1.1 Description: A medium severity issue affects OpenStack Nova, where crafted image paths can expose sensitive data, potentially leading to data theft risk. Recommendations: For OpenStack Nova versions pri...
OpenStack 安全漏洞
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. A security vulnerability exists in OpenStack that stems from VMDK/qcow contains an arbitrary file access issue...
Arbitrary File Access
OpenStack Cinder, Glance, and Nova are vulnerable to Arbitrary File Access. The vulnerability is due to a flaw in handling custom QCOW2 external data, where a crafted QCOW2 image can reference a specific data file path. The vulnerability allows an authenticated user to retrieve unauthorized copie...
RHEL 8 : Red Hat OpenStack Platform 16.1.9 (RHSA-2024:4425)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4425 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, use d for block storage. OpenStack Image Service code-named Glance provides...
Critical OpenStack Vulnerability Exposes Cloud Data
...
Critical: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 security update
An update for openstack-cinder, openstack-glance, and openstack-nova is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
OpenStack: malicious qcow2/vmdk images
An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...
USN-6883-1: OpenStack Glance vulnerability
Martin Kaesberger discovered that Glance incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...