BDU:2023-00689

Уязвимость сервиса блочного хранения данных Openstack Cinder, связанная с использованием файлов и каталогов, доступных внешним сторонам, позволяющая нарушителю раскрыть защищаемую информацию

Severity: HIGH (7.7) Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

Severity: MEDIUM (6.6) Vector: AV:N/AC:H/Au:N/C:C/I:P/A:P

References:

CVE-2022-47951

Published: 2023-01-26
Modified: 2025-03-31

CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

Severity: MEDIUM (5.7) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

References:

Package assimp updated to version 5.4.2-alt1 for branch c10f2 in task 355272.

Published: 2024-08-12
Modified: 2025-03-05

BDU:2024-06186

Уязвимость компонента File Handler библиотеки импорта 3D-моделей Open Asset Import Library (Assimp), позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.4) Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2024-40724

Published: 2024-07-19
Modified: 2025-03-25

CVE-2024-40724

Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Branch c10f2 update on 2024-08-20

ALT-BU-2024-11364-1

ALT-PU-2024-11070-5

Closed vulnerabilities

BDU:2023-00689

CVE-2022-47951

ALT-PU-2024-11268-3

Closed vulnerabilities

BDU:2024-06186

CVE-2024-40724