Unauthorized Access to Sensitive Data via Custom QCOW2 External Data in OpenStack Cinder, Glance, and Nova

Summary

A critical security vulnerability (CVE-2024-32498) has been discovered in OpenStack, affecting the Cinder, Glance, and Nova components. The flaw allows attackers to gain unauthorized access to sensitive data by supplying a crafted QCOW2 image that references a specific data file path, potentially exposing confidential information. The vulnerability poses a risk of unauthorized access, data breaches, and the compromise of cloud environments, with the potential for significant legal and financial consequences. It has been classified as critical with a high severity score. Mitigation patches have been released by Red Hat and the OpenStack community, and system administrators are advised to apply these updates promptly.

News Articles

ÇözümPark

CVE-2024-32498

Kritik OpenStack Güvenlik Açığı (CVE-2024-32498): Bulut Verileri Büyük Tehlikede! (CVSS 8.8) - ÇözümPark

Kritik OpenStack Güvenlik Açığı (CVE-2024-32498): Bulut Verileri Büyük Tehlikede! (CVSS 8.8)

5 months ago

CybersecurityNews

CVE-2024-32498

Critical OpenStack Arbitrary File Access Flaw Exposes Cloud Data to Hackers

The flaw tracked as CVE-2024-32498, allows authenticated attackers to gain unauthorized access to arbitrary files on the host system, potentially exposing sensitive data.

5 months ago