CVE-2024-40767

CWE-552Files Accessible to External PartiesCWE-436Interpretation Conflict8 documents7 sources
Severity
6.5MEDIUM
EPSS
0.8%
top 25.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Nova
Timeline
PublishedJul 24

Description

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDopenstack/nova28.0.028.2.1+2
Ubuntunova< 2:21.2.4-0ubuntu2.11+2
PyPINova28.0.028.2.0+2
PyPInova28.0.028.2.0+2

🔴Vulnerability Details

4
OSV
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data2024-07-24
GHSA
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data2024-07-24
CVEList
CVE-2024-40767: In OpenStack Nova before 272024-07-24
OSV
CVE-2024-40767: In OpenStack Nova before 272024-07-23

📋Vendor Advisories

3
Ubuntu
Nova vulnerability2024-07-23
Red Hat
openstack-nova: Regression VMDK/qcow arbitrary file access2024-07-23
Debian
CVE-2024-40767: nova - In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supp...2024
CVE-2024-40767 (MEDIUM CVSS 6.5) | In OpenStack Nova before 27.4.1 | cvebase.io