7796 matches found
CVE-2024-32498
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...
CVE-2024-32498
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...
CVE-2024-32498
CVE-2024-32498 affects OpenStack components: Cinder (up to 24.0.0), Glance (up to 28.0.2), and Nova (up to 29.0.3). The issue allows arbitrary file access via a crafted QCOW2 external data reference; an authenticated user can cause the server to return contents of a sensitive file by referencing ...
CVE-2024-32498
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...
CBL Mariner 2.0 Security Update: ceph (CVE-2022-0670)
The version of ceph installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-0670 advisory. - A flaw was found in Openstack manilla owning a Ceph File system share, which enables the owner to read/write an...
CVE-2024-32498
An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...
OpenStack: malicious qcow2/vmdk images
An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...
Critical: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.6 security update
An update for openstack-cinder, openstack-glance, and openstack-nova is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Critical: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.3 (openstack-nova) security update
An update for openstack-nova is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
OpenStack: malicious qcow2/vmdk images
An input validation flaw was discovered in how multiple OpenStack services validate images with backing file references. An authenticated attacker could provide a malicious image via upload, or by creating and modifying an image from an existing volume. Validation of images can be triggered durin...
Critical: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.3 security update
An update for openstack-nova, openstack-glance, and openstack-cinder is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
UBUNTU-CVE-2024-32498
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...
OpenStack Security Vulnerabilities
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. A security vulnerability exists in OpenStack, which stems from an input validation flaw that could allow an attacker to deliver a malicious image by uploading or creating and modifying an...
PT-2024-24616 · Openstack +2 · Openstack Cinder +4
Name of the Vulnerable Software and Affected Versions: OpenStack Cinder versions through 24.0.0 OpenStack Glance versions before 28.0.2 OpenStack Nova versions before 29.0.3 Description: An issue was discovered in OpenStack, allowing arbitrary file access via custom QCOW2 external data. By...
RHEL 8 : Red Hat OpenStack Platform 16.2.6 (RHSA-2024:4273)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4273 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, use d for block storage. OpenStack Image Service code-named Glance provides...
RHEL 9 : Red Hat OpenStack Platform 17.1.3 (RHSA-2024:4272)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4272 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, use d for block storage. OpenStack Image Service code-named Glance provides...
RHEL 8 : Red Hat OpenStack Platform 17.1.3 (openstack-nova) (RHSA-2024:4274)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4274 advisory. OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines,creating a redundant and...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 security update
An update for python-yaql, openstack-tripleo-heat-templates, and openstack-tripleo-common is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whi...
YAQL: OpenStack Murano Component Information Leakage
A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-gunicorn) security update
An update for python-gunicorn is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...