In OpenStack Nova before 27.4.1, 28 before 28.2.1, 和 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 和 CVE-2024-32498.
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, 和 what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value 和 insight.
– Scott Cheney, 经理 of Information Security, Sierra View Medical Center