ALT-PU-2024-7913-3

Package update openstack-glance in branch c10f2

Version26.0.0-alt0.1.c10f2

Published2024-05-21

Max severityHIGH

Severity:

Closed issues (2)

HIGH7.7

Уязвимость сервиса блочного хранения данных Openstack Cinder, связанная с использованием файлов и каталогов, доступных внешним сторонам, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2023-02-13Modified: 2024-09-13

CVSS 3.xHIGH 7.7

CVSS:3.x/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

CVSS 2.0MEDIUM 6.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:P/A:P

References

CVE-2022-47951

MEDIUM5.7

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

Published: 2023-01-26Modified: 2025-03-31

CVSS 3.xMEDIUM 5.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

References