Unauthorized Access to Sensitive Data via Custom QCOW2 External Data in OpenStack Cinder, Glance, and Nova
CVE-2024-32498
Summary
A critical security vulnerability (CVE-2024-32498) has been discovered in OpenStack, affecting the Cinder, Glance, and Nova components. The flaw allows attackers to gain unauthorized access to sensitive data by supplying a crafted QCOW2 image that references a specific data file path, potentially exposing confidential information. The vulnerability poses a risk of unauthorized access, data breaches, and the compromise of cloud environments, with the potential for significant legal and financial consequences. It has been classified as critical with a high severity score. Mitigation patches have been released by Red Hat and the OpenStack community, and system administrators are advised to apply these updates promptly.
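A defensive pre-import check for the image feature the summary describes, as an added example that is not code from OpenStack or from this page: it reads a QCOW2 header and reports whether the image declares an external data file. The field offsets, feature bit and extension type follow the QCOW2 format specification; the function names and the sample header are constructed here for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
INCOMPAT_EXTERNAL_DATA = 1 << 2   # incompatible_features bit 2: external data file
EXT_DATA_FILE_NAME = 0x44415441   # header extension carrying the data file name


def inspect_qcow2_header(buf: bytes) -> dict:
    """Report external-data-file references in a QCOW2 header ({} if not QCOW2)."""
    if len(buf) < 72 or buf[:4] != QCOW2_MAGIC:
        return {}
    (version,) = struct.unpack_from(">I", buf, 4)
    info = {"version": version, "external_data_flag": False, "data_file": None}
    pos = 72                                  # v2 header is a fixed 72 bytes
    if version >= 3 and len(buf) >= 104:
        (incompat,) = struct.unpack_from(">Q", buf, 72)
        info["external_data_flag"] = bool(incompat & INCOMPAT_EXTERNAL_DATA)
        (pos,) = struct.unpack_from(">I", buf, 100)   # header_length
    # Walk header extensions: u32 type, u32 length, data padded to 8 bytes.
    while pos + 8 <= len(buf):
        ext_type, ext_len = struct.unpack_from(">II", buf, pos)
        if ext_type == 0:                     # end-of-extensions marker
            break
        if ext_type == EXT_DATA_FILE_NAME:
            raw = buf[pos + 8:pos + 8 + ext_len]
            info["data_file"] = raw.decode("utf-8", "replace")
        pos += 8 + ((ext_len + 7) & ~7)
    return info


def should_reject(buf: bytes) -> bool:
    """Policy for untrusted uploads: refuse any image naming an external data file."""
    info = inspect_qcow2_header(buf)
    return bool(info and (info["external_data_flag"] or info["data_file"]))


def build_sample(data_file: bytes = b"") -> bytes:
    """Constructed header-only v3 sample for the demo (not a usable image)."""
    hdr = bytearray(104)
    hdr[0:4] = QCOW2_MAGIC
    struct.pack_into(">I", hdr, 4, 3)
    struct.pack_into(">Q", hdr, 72, INCOMPAT_EXTERNAL_DATA if data_file else 0)
    struct.pack_into(">I", hdr, 100, 104)
    if data_file:
        pad = b"\0" * (-len(data_file) % 8)
        hdr += struct.pack(">II", EXT_DATA_FILE_NAME, len(data_file)) + data_file + pad
    return bytes(hdr) + struct.pack(">II", 0, 0)
```

The check covers only the top-level header of the bytes it is given, so it complements the vendor patches the summary refers to and does not replace them.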
News Articles

Critical OpenStack Vulnerability (CVE-2024-32498): Cloud Data in Great Danger! (CVSS 8.8) - ÇözümPark

Critical OpenStack Arbitrary File Access Flaw Exposes Cloud Data to Hackers
The flaw, tracked as CVE-2024-32498, allows authenticated attackers to gain unauthorized access to arbitrary files on the host system, potentially exposing sensitive data.
Timeline
- Vulnerability published
- First article discovered by CybersecurityNews