An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that files contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cinder | Openstack | * | 22.1.3 (excluding) |
| Cinder | Openstack | 23.0.0 (including) | 23.1.1 (excluding) |
| Cinder | Openstack | 24.0.0 (including) | 24.0.0 (including) |
| Glance | Openstack | * | 26.0.1 (excluding) |
| Glance | Openstack | 28.0.0 (including) | 28.0.2 (excluding) |
| Glance | Openstack | 27.0.0 (including) | 27.0.0 (including) |
| Nova | Openstack | * | 27.3.1 (excluding) |
| Nova | Openstack | 28.0.0 (including) | 28.1.1 (excluding) |
| Nova | Openstack | 29.0.0 (including) | 29.0.3 (excluding) |
| Red Hat OpenStack Platform 16.1 | RedHat | openstack-cinder-1:15.4.0-1.20230510003503.el8ost | * |
| Red Hat OpenStack Platform 16.1 | RedHat | openstack-glance-1:19.0.4-1.20230310213451.el8ost | * |
| Red Hat OpenStack Platform 16.1 | RedHat | openstack-nova-1:20.4.1-1.20221005193234.el8ost | * |
| Red Hat OpenStack Platform 16.2 | RedHat | openstack-cinder-1:15.6.1-2.20230906144858.el8ost | * |
| Red Hat OpenStack Platform 16.2 | RedHat | openstack-glance-1:19.0.5-2.20230310205021.el8ost | * |
| Red Hat OpenStack Platform 16.2 | RedHat | openstack-nova-1:20.6.2-2.20230814165228.el8ost | * |
| Red Hat OpenStack Platform 17.1 for RHEL 8 | RedHat | openstack-nova-1:23.2.3-17.1.20231018123754.el8ost | * |
| Red Hat OpenStack Platform 17.1 for RHEL 9 | RedHat | openstack-cinder-1:18.2.2-17.1.20231011140829.el9ost | * |
| Red Hat OpenStack Platform 17.1 for RHEL 9 | RedHat | openstack-glance-1:22.1.2-17.1.20230621071326.el9ost | * |
| Red Hat OpenStack Platform 17.1 for RHEL 9 | RedHat | openstack-nova-1:23.2.3-17.1.20231018130828.el9ost | * |
| Cinder | Ubuntu | devel | * |
| Cinder | Ubuntu | esm-infra/focal | * |
| Cinder | Ubuntu | focal | * |
| Cinder | Ubuntu | jammy | * |
| Cinder | Ubuntu | mantic | * |
| Cinder | Ubuntu | noble | * |
| Cinder | Ubuntu | oracular | * |
| Cinder | Ubuntu | plucky | * |
| Cinder | Ubuntu | questing | * |
| Glance | Ubuntu | devel | * |
| Glance | Ubuntu | esm-infra/focal | * |
| Glance | Ubuntu | focal | * |
| Glance | Ubuntu | jammy | * |
| Glance | Ubuntu | mantic | * |
| Glance | Ubuntu | noble | * |
| Glance | Ubuntu | oracular | * |
| Glance | Ubuntu | plucky | * |
| Glance | Ubuntu | questing | * |
| Nova | Ubuntu | devel | * |
| Nova | Ubuntu | esm-infra/focal | * |
| Nova | Ubuntu | focal | * |
| Nova | Ubuntu | jammy | * |
| Nova | Ubuntu | mantic | * |
| Nova | Ubuntu | noble | * |
| Nova | Ubuntu | oracular | * |
| Nova | Ubuntu | plucky | * |
| Nova | Ubuntu | questing | * |
References
- http://www.openwall.com/lists/oss-security/2024/07/02/2
- https://launchpad.net/bugs/2059809
- https://security.openstack.org/ossa/OSSA-2024-001.html
- https://www.openwall.com/lists/oss-security/2024/07/02/2
- http://www.openwall.com/lists/oss-security/2024/07/02/2
- https://launchpad.net/bugs/2059809
- https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
- https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
- https://www.openwall.com/lists/oss-security/2024/07/02/2