Martin Kaesberger: If there's any organization you're affiliated with and you'd like it credited along with your name, please let me know.
Here's a draft impact description, a quick review for any inaccuracies is appreciated so I can request a CVE assignment with it...
title: Arbitrary file access through custom QCOW2 external data
description: >
Martin Kaesberger reported a vulnerability in QCOW2 image processing for
Cinder, Glance and Nova. By supplying a specially created QCOW2 image which
references a specific data file path, an authenticated user may convince
systems to return a copy of that file's contents from the server resulting in
unauthorized access to potentially sensitive data. All Cinder deployments are
affected; only Glance deployments with image conversion enabled are affected;
all Nova deployments are affected.
Martin Kaesberger: If there's any organization you're affiliated with and you'd like it credited along with your name, please let me know.
Here's a draft impact description, a quick review for any inaccuracies is appreciated so I can request a CVE assignment with it...
title: Arbitrary file access through custom QCOW2 external data
description: >
Martin Kaesberger reported a vulnerability in QCOW2 image processing for
Cinder, Glance and Nova. By supplying a specially created QCOW2 image which
references a specific data file path, an authenticated user may convince
systems to return a copy of that file's contents from the server resulting in
unauthorized access to potentially sensitive data. All Cinder deployments are
affected; only Glance deployments with image conversion enabled are affected;
all Nova deployments are affected.
affected-products:
- product: Cinder
version: '<21.3.3, >=22.0.0 <22.1.2, >=23.0.0 <23.1.1, ==24.0.0'
- product: Glance
version: '<25.1.1, ==26.0.0, ==27.0.0, >=28.0.0 <28.0.2'
- product: Nova
version: '<26.2.3, >=27.0.0 <27.2.1, >=28.0.0 <28.0.2, >=29.0.0 <29.0.2'