5 matches found
openstack-nova: Regression VMDK/qcow arbitrary file access
An arbitrary file access flaw was found in Nova. By supplying a RAW format image, a specially crafted QCOW2 image with a backing file path, or a VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file’s contents from the...
openstack-nova: Regression VMDK/qcow arbitrary file access
An arbitrary file access flaw was found in Nova. By supplying a RAW format image, a specially crafted QCOW2 image with a backing file path, or a VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file’s contents from the...
SUSE CVE-2024-40767
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced...
openstack: Arbitrary file access through custom VMDK flat descriptor
A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized...
openstack: Arbitrary file access through custom VMDK flat descriptor
A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized...