CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2024/07/02/2
https://launchpad.net/bugs/2059809	Issue Tracking Patch
https://security.openstack.org/ossa/OSSA-2024-001.html
https://www.openwall.com/lists/oss-security/2024/07/02/2	Mailing List Patch
http://www.openwall.com/lists/oss-security/2024/07/02/2
https://launchpad.net/bugs/2059809	Issue Tracking Patch
https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
https://www.openwall.com/lists/oss-security/2024/07/02/2	Mailing List Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openstack:cinder::::::::
	cpe:2.3:a:openstack:cinder::::::::
	cpe:2.3:a:openstack:cinder:24.0.0:::::::*
	cpe:2.3:a:openstack:glance::::::::
	cpe:2.3:a:openstack:glance::::::::
	cpe:2.3:a:openstack:glance:27.0.0:::::::*
	cpe:2.3:a:openstack:nova::::::::
	cpe:2.3:a:openstack:nova::::::::
	cpe:2.3:a:openstack:nova::::::::

History

No history.

Information

Published : 2024-07-05 02:15

Updated : 2024-11-21 09:15

NVD link : CVE-2024-32498

Mitre link : CVE-2024-32498

CVE.ORG link : CVE-2024-32498

JSON object : View

Products Affected

openstack

nova
glance
cinder

CWE

NVD-CWE-noinfo CWE-552

Files or Directories Accessible to External Parties

{"id": "CVE-2024-32498", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-07-05T02:15:09.840", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/07/02/2", "source": "cve@mitre.org"}, {"url": "https://launchpad.net/bugs/2059809", "tags": ["Issue Tracking", "Patch"], "source": "cve@mitre.org"}, {"url": "https://security.openstack.org/ossa/OSSA-2024-001.html", "source": "cve@mitre.org"}, {"url": "https://www.openwall.com/lists/oss-security/2024/07/02/2", "tags": ["Mailing List", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/02/2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://launchpad.net/bugs/2059809", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.openwall.com/lists/oss-security/2024/07/02/2", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-552"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en OpenStack Cinder hasta 24.0.0, Glance antes de 28.0.2 y Nova antes de 29.0.3. El acceso arbitrario a archivos puede ocurrir a trav\u00e9s de datos externos QCOW2 personalizados. Al proporcionar una imagen QCOW2 manipulada que hace referencia a una ruta de archivo de datos espec\u00edfica, un usuario autenticado puede convencer a los sistemas para que devuelvan una copia del contenido de ese archivo desde el servidor, lo que resulta en un acceso no autorizado a datos potencialmente confidenciales. Todas las implementaciones de Cinder y Nova se ven afectadas; solo se ven afectadas las implementaciones de Glance con la conversi\u00f3n de im\u00e1genes habilitada."}], "lastModified": "2024-11-21T09:15:02.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15F92D40-6FF4-4B69-8CB7-8738D328C17E", "versionEndExcluding": "22.1.3"}, {"criteria": "cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0586E7A0-93EB-4514-B99B-BE36FF601385", "versionEndExcluding": "23.1.1", "versionStartIncluding": "23.0.0"}, {"criteria": "cpe:2.3:a:openstack:cinder:24.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A0D5772-9130-4882-B766-6C5FABEB0A15"}, {"criteria": "cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D3430EC-399A-48F4-987D-EB040F0C807E", "versionEndExcluding": "26.0.1"}, {"criteria": "cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7C6F3A6-1F5A-4515-9BF7-EB5F0C3ABD90", "versionEndExcluding": "28.0.2", "versionStartIncluding": "28.0.0"}, {"criteria": "cpe:2.3:a:openstack:glance:27.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15C95296-C24A-4643-9C3A-66E75AEBD8DC"}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8232EDBD-2E0C-45AE-919A-87736B3F2E5D", "versionEndExcluding": "27.3.1"}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BD5E209-E134-4EB1-9D9B-E2B564C4C43A", "versionEndExcluding": "28.1.1", "versionStartIncluding": "28.0.0"}, {"criteria": "cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "249930E8-A4FC-484E-A73F-9027B3F2E73C", "versionEndExcluding": "29.0.3", "versionStartIncluding": "29.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}