CVE-2024-40767

MEDIUM

OpenStack Nova <27.4.1,28.2.1,29.1.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.

References (5)

Scores

CVSS v3 6.5
EPSS 0.0083
EPSS Percentile 74.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-552
Status published
Products (2)
openstack/nova < 27.4.1
pypi/Nova 0PyPI
Published Jul 24, 2024
Tracked Since Feb 18, 2026