CVE-2024-32498 – OpenStack: malicious qcow2/vmdk images
https://notcve.org/view.php?id=CVE-2024-32498
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
• https://launchpad.net/bugs/2059809 https://www.openwall.com/lists/oss-security/2024/07/02/2 http://www.openwall.com/lists/oss-security/2024/07/02/2 https://security.openstack.org/ossa/OSSA-2024-001.html https://access.redhat.com/security/cve/CVE-2024-32498 https://bugzilla.redhat.com/show_bug.cgi?id=2278663
• CWE-400: Uncontrolled Resource Consumption; CWE-552: Files or Directories Accessible to External Parties
CVE-2022-47951 – openstack: Arbitrary file access through custom VMDK flat descriptor
https://notcve.org/view.php?id=CVE-2022-47951
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder.
• https://launchpad.net/bugs/1996188 https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html https://security.openstack.org/ossa/OSSA-2023-002.html https://www.debian.org/security/2023/dsa-5336 https://www.debian.org/security/2023/dsa-5337 https://www.debian.org/security/2023/dsa-5338 https://access.redhat.com/security/cve/CVE
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); CWE-552: Files or Directories Accessible to External Parties
CVE-2022-37394 – openstack-nova: Compute service fails to restart if the vnic_type of a bound port changed from direct to macvtap
https://notcve.org/view.php?id=CVE-2022-37394
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.
• https://bugs.launchpad.net/ossa/+bug/1981813 https://review.opendev.org/c/openstack/nova/+/849985 https://review.opendev.org/c/openstack/nova/+/850003 https://access.redhat.com/security/cve/CVE-2022-37394 https://bugzilla.redhat.com/show_bug.cgi?id=2117333
• CWE-400: Uncontrolled Resource Consumption
CVE-2021-3654 – openstack-nova: novnc allows open redirection
https://notcve.org/view.php?id=CVE-2021-3654
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
• https://bugs.launchpad.net/nova/+bug/1927677 https://bugs.python.org/issue32084 https://bugzilla.redhat.com/show_bug.cgi?id=1961439 https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66 https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb https://security.gentoo.org/glsa/202305-02 https://security.openstack.org/ossa/OSSA-2021-002.html https://www.openwall.com/lists/oss-security/2021/07/29/2 https://access.redhat.com/security/cve/CVE-2021-
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2016-2140 – openstack-nova: Host data leak through resize/migration
https://notcve.org/view.php?id=CVE-2016-2140
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. An information-exposure flaw was found in the OpenStack Compute (nova) resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content on the specified device would be leaked to the user.
• http://www.openwall.com/lists/oss-security/2016/03/08/6 http://www.securityfocus.com/bid/84277 https://bugs.launchpad.net/nova/+bug/1548450 https://security.openstack.org/ossa/OSSA-2016-007.html https://access.redhat.com/security/cve/CVE-2016-2140 https://bugzilla.redhat.com/show_bug.cgi?id=1313454
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor