CVE-2024-32498

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-552
View all →

Vulnerability Description

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.

Related Vulnerabilities

CVE-2016-10829

MEDIUM
CVSS:6.5(Medium)

cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).

CWE-5522016

CVE-2017-1308

MEDIUM
CVSS:6.5(Medium)

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force I...

CWE-5522017

CVE-2017-6922

MEDIUM
CVSS:6.5(Medium)

In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visib...

CWE-5522017

CVE-2018-1079

MEDIUM
CVSS:6.5(Medium)

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from...

CWE-5522018

CVE-2019-13140

MEDIUM
CVSS:6.5(Medium)

Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to dec...

CWE-5522019

CVE-2019-17130

MEDIUM
CVSS:6.5(Medium)

vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.

CWE-5522019