ghsa-rm86-h44c-2r2m
Vulnerability from github
Published
2024-07-24 06:31
Modified
2024-07-26 21:39
Severity
6.5 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
Details
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "Nova" }, "ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "27.4.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "PyPI", "name": "Nova" }, "ranges": [ { "events": [ { "introduced": "28.0.0" }, { "last_affected": "28.2.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "PyPI", "name": "Nova" }, "ranges": [ { "events": [ { "introduced": "29.0.0" }, { "last_affected": "29.1.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-40767" ], "database_specific": { "cwe_ids": [ "CWE-436" ], "github_reviewed": true, "github_reviewed_at": "2024-07-25T14:27:53Z", "nvd_published_at": "2024-07-24T05:15:12Z", "severity": "MODERATE" }, "details": "In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file\u0027s contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.", "id": "GHSA-rm86-h44c-2r2m", "modified": "2024-07-26T21:39:46Z", "published": "2024-07-24T06:31:10Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40767" }, { "type": "PACKAGE", "url": "https://github.com/openstack/nova" }, { "type": "WEB", "url": "https://launchpad.net/bugs/2071734" }, { "type": "WEB", "url": "https://review.opendev.org/c/openstack/nova/+/924731" }, { "type": "WEB", "url": "https://security.openstack.org" }, { "type": "WEB", "url": "https://security.openstack.org/ossa/OSSA-2024-002.html" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2024/07/23/2" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "type": "CVSS_V4" } ], "summary": "OpenStack Nova vulnerable to unauthorized access to potentially sensitive data " }
Loading...