7743 matches found
CVE-2024-41961 Elektra vulnerable to remote code execution in universal search
Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...
CVE-2024-41961 Elektra vulnerable to remote code execution in universal search
Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...
Elektra 安全漏洞
Elektra is an Openstack dashboard open-sourced by SAP Converged Cloud. Making Openstack more accessible to users. A security vulnerability exists in Elektra that stems from the presence of a code injection vulnerability that allows an authenticated user to craft search terms containing Ruby code ...
OpenStack Heat 信息泄露漏洞
OpenStack Heat is an OpenStack open source service. Composite cloud applications are orchestrated using a declarative template format via the OpenStack native REST API. A security vulnerability exists in OpenStack Heat that stems from the presence of sensitive information disclosure issues...
SUSE CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
GHSA-RM86-H44C-2R2M OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
CVE-2024-40767
CVE-2024-40767 affects OpenStack Nova: before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, where supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or a VMDK flat image with a descriptor file path can cause the server to return the contents of the refe...
USN-6911-1: Nova vulnerability
Arnaud Morin discovered that Nova incorrectly handled certain raw format images. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...
UBUNTU-CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
PT-2024-29030 · Openstack +2 · Openstack Nova +2
Name of the Vulnerable Software and Affected Versions: OpenStack Nova versions prior to 29.1.1 Description: A medium severity issue affects OpenStack Nova, where crafted image paths can expose sensitive data, potentially leading to data theft risk. Recommendations: For OpenStack Nova versions pri...
OpenStack 安全漏洞
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. A security vulnerability exists in OpenStack that stems from VMDK/qcow contains an arbitrary file access issue...
Arbitrary File Access
OpenStack Cinder, Glance, and Nova are vulnerable to Arbitrary File Access. The vulnerability is due to a flaw in handling custom QCOW2 external data, where a crafted QCOW2 image can reference a specific data file path. The vulnerability allows an authenticated user to retrieve unauthorized copie...
RHEL 8 : Red Hat OpenStack Platform 16.1.9 (RHSA-2024:4425)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4425 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, use d for block storage. OpenStack Image Service code-named Glance provides...
Critical OpenStack Vulnerability Exposes Cloud Data
...