CVE-2024-32498
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-32498
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 2:21.3.1-1~deb12u1 |
| debian | bullseye | fixed | 2:17.4.0-1~deb11u2 |
| debian | forky | fixed | 2:24.0.0-5 |
| debian | sid | fixed | 2:24.0.0-5 |
| debian | trixie | fixed | 2:24.0.0-5 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-32498
- https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e
- https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
- https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9
- https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175
- https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973
- https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f
- https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df
- https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927
- https://launchpad.net/bugs/2059809
- https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
- https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
- https://security.openstack.org/ossa/OSSA-2024-001.html
- https://www.openwall.com/lists/oss-security/2024/07/02/2
- http://www.openwall.com/lists/oss-security/2024/07/02/2
- https://security-tracker.debian.org/tracker/CVE-2024-32498
Verify integrity in audit chain (admin only). AS-IS.