OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access

2024-07-0503:30:42

CWE-200

GitHub Advisory Database

github.com

openstack

cinder

glance

nova

vulnerability

file access

qcow2

data

unauthorized

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

18.3%

JSON

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file’s contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.

Affected configurations

Vulners

Node

novanovaRange≤29.0.2

glance_projectglanceRange≤28.0.1

openstackcinderRange≤24.0.0

VendorProductVersionCPE
novanova*cpe:2.3:a:nova:nova:*:*:*:*:*:*:*:*
glance_projectglance*cpe:2.3:a:glance_project:glance:*:*:*:*:*:*:*:*
openstackcinder*cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nova	nova	*	cpe:2.3:a:nova:nova::::::::
glance_project	glance	*	cpe:2.3:a:glance_project:glance::::::::
openstack	cinder	*	cpe:2.3:a:openstack:cinder::::::::