CISA-ADP AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA-ADP CWE-552

MITRE http://www.openwall.com/lists/oss-security/2024/07/02/2 [No types assigned]

MITRE https://security.openstack.org/ossa/OSSA-2024-001.html [No types assigned]

OR
     *cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:* versions up to (excluding) 22.1.3
     *cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:* versions from (including) 23.0.0 up to (excluding) 23.1.1
     *cpe:2.3:a:openstack:cinder:24.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:* versions up to (excluding) 26.0.1
     *cpe:2.3:a:openstack:glance:27.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:* versions from (including) 28.0.0 up to (excluding) 28.0.2
     *cpe

NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

NIST NVD-CWE-noinfo

https://launchpad.net/bugs/2059809 No Types Assigned

https://launchpad.net/bugs/2059809 Issue Tracking, Patch

https://www.openwall.com/lists/oss-security/2024/07/02/2 No Types Assigned

https://www.openwall.com/lists/oss-security/2024/07/02/2 Mailing List, Patch

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conver

MITRE https://launchpad.net/bugs/2059809 [No types assigned]

MITRE https://www.openwall.com/lists/oss-security/2024/07/02/2 [No types assigned]