Unauthorized Access to Sensitive Data via Custom QCOW2 External Data in OpenStack Cinder, Glance, and Nova
Key Information
- Vendor: OpenStack
- Status
- Nova
- Glance
- Cinder
- Vendor
- CVE Published: 5 July 2024
Summary
A critical security vulnerability (CVE-2024-32498) has been discovered in OpenStack, affecting the Cinder, Glance, and Nova components. An attacker who supplies a crafted QCOW2 image that references a specific data file path can gain unauthorized access to sensitive data, potentially exposing confidential information. The consequences include data breaches and the compromise of cloud environments, with the potential for significant legal and financial impact. The vulnerability has been classified as critical with a high severity score. Red Hat and the OpenStack community have released patches, and system administrators are advised to apply these updates promptly.
News Articles
Critical OpenStack Vulnerability (CVE-2024-32498): Cloud Data in Great Danger! (CVSS 8.8) - ÇözümPark
4 months ago
Critical OpenStack Arbitrary File Access Flaw Exposes Cloud Data to Hackers
The flaw, tracked as CVE-2024-32498, allows authenticated attackers to gain unauthorized access to arbitrary files on the host system, potentially exposing sensitive data.
4 months ago
CVSS V3.1
Timeline
Vulnerability published.
First article discovered by CybersecurityNews