#VU96470 Information disclosure in Openstack Nova - CVE-2024-40767

Cybersecurity Help s.r.o.

Published: 2024-08-23 | Updated: 2024-08-28

Vulnerability identifier: #VU96470

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40767

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Openstack Nova
Client/Desktop applications / Other client software

Vendor: Openstack

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of file paths inside a QCOW2 image with a backing file path or VMDK flat image with a descriptor file path. A remote user can supply a specially crafted image that references a specific data file path and view the contents of the file.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Openstack Nova: 27.0.0 - 29.1.0

External links
https://launchpad.net/bugs/2071734
https://www.openwall.com/lists/oss-security/2024/07/23/2
https://security.openstack.org/ossa/OSSA-2024-002.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for nova

Information disclosure in Red Hat OpenStack 17.1 packages

Information disclosure in Red Hat OpenStack 16.1 packages

Information disclosure in OpenStack Nova