Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2024/08/07 1:23 p.m.21 views

openstack-nova: Regression VMDK/qcow arbitrary file access

An arbitrary file access flaw was found in Nova. By supplying a RAW format image, a specially crafted QCOW2 image with a backing file path, or a VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file’s contents from the...

6.5CVSS5.8AI score0.00941EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/08/07 1:21 p.m.17 views

openstack-nova: Regression VMDK/qcow arbitrary file access

An arbitrary file access flaw was found in Nova. By supplying a RAW format image, a specially crafted QCOW2 image with a backing file path, or a VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file’s contents from the...

6.5CVSS5.8AI score0.00941EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2024/07/26 3:12 a.m.2 views

SUSE CVE-2024-40767

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...

6.5CVSS8.5AI score0.00941EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/02/28 3:48 p.m.5 views

openstack: Arbitrary file access through custom VMDK flat descriptor

A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized...

5.7CVSS7.3AI score0.01025EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/02/28 3:48 p.m.3 views

openstack: Arbitrary file access through custom VMDK flat descriptor

A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized...

5.7CVSS7.3AI score0.01025EPSS
Exploits1References5
Rows per page
Query Builder