Ubuntu: (Multiple Advisories) (CVE-2024-40767): Nova vulnerability
描述
In OpenStack Nova before 27.4.1, 28 before 28.2.1, 和 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 和 CVE-2024-32498.
解决方案(年代)
- ubuntu-upgrade-nova-common
- ubuntu-upgrade-python3-nova
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, 和 Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, 和 what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value 和 insight.
– Scott Cheney, 经理 of Information Security, Sierra View Medical Center