Lucene search
MitreVULNRICHMENT:CVE-2024-40767HistoryJul 24, 2024 - 12:00 a.m.
CVE-2024-40767
2024-07-2400:00:00
mitre
github.com
2
openstack
nova
image vulnerability
unauthorized access
sensitive data
incomplete fix
AI Score
6.5
Confidence
Low
EPSS
0.003
Percentile
66.3%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file’s contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.
Related
cvelist
cvelist
osv
osv
CVE-2024-40767
2024-07-23 15:00:00
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
2024-07-24 06:31:10
nova - security update
2024-09-05 00:00:00
debiancve
debiancve
ubuntucve
ubuntucve
cve
cve
nvd
nvd
github
github
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
2024-07-24 06:31:10
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal
2023-01-27 00:30:19
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
2024-07-05 03:30:42
nessus
nessus
Debian dla-3873 : nova-api - security update
2024-09-05 00:00:00
RHEL 9 : Red Hat OpenStack Platform 17.1.3 (RHSA-2024:5083)
2024-08-07 00:00:00
RHEL 8 : Red Hat OpenStack Platform 16.1.9 (openstack-nova) (RHSA-2024:5113)
2024-08-08 00:00:00
redhatcve
redhatcve
redhat
redhat
ubuntu
ubuntu
Nova vulnerability
2024-07-23 00:00:00
Nova vulnerability
2024-07-08 00:00:00
OpenStack Glance vulnerability
2024-07-08 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6911-1)
2024-07-24 00:00:00
Ubuntu: Security Advisory (USN-6883-1)
2024-07-09 00:00:00
Ubuntu: Security Advisory (USN-6884-1)
2024-07-09 00:00:00
debian
debian
[SECURITY] [DLA 3301-1] cinder security update
2023-01-30 22:10:12
[SECURITY] [DLA 3300-1] glance security update
2023-01-30 22:04:57
[SECURITY] [DSA 5336-1] glance security update
2023-02-01 18:32:49
veracode
veracode
Arbitrary File Access
2024-07-10 09:45:30
Information Disclosure
2023-02-03 17:08:10
vulnrichment
vulnrichment
CVE-2024-32498
2024-07-05 00:00:00
freebsd
freebsd
py-cinder -- unauthorized data access
2023-01-27 00:00:00
prion
prion
Design/Logic Flaw
2023-01-26 22:15:00
AI Score
6.5
Confidence
Low
EPSS
0.003
Percentile
66.3%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-40767