Remote Code Execution Vulnerability in OpenStack Storlets by OpenStack
CVE-2024-28716

Currently unrated

Key Information:

Vendor: OpenStack
Status: OpenStack Storlets
Vendor: CVE Published:; 30 April 2024

Summary

A vulnerability in OpenStack Storlets yoga-eom permits unauthorized remote attackers to execute arbitrary code through the gateway.py component. This weakness could be exploited to manipulate system behavior and compromise the integrity of affected systems. Organizations using this version of OpenStack should promptly assess their deployments to mitigate risks associated with this vulnerability.

References

https://bugs.launchpad.net/solum/+bug/2047505

https://drive.google.com/file/d/11x-6CjWCyap8_W1JpVzun56H...

https://gist.github.com/Fewword/f098d8d6375ac25e27b18c0e5...

Timeline

Vulnerability published
Apr 30, 2024