Comment 72 for bug 1996188
Revision history for this message
| Jeremy Stanley (fungi) wrote Re: Arbitrary file access through custom VMDK flat descriptor | #72 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Since it seems like we're getting close to agreement on the patches and backports, I'm preparing to request a CVE assignment for tracking of the eventual published advisory. Here's an initial attempt, but please let me know what I've got wrong and I'll revise it as needed...
Title: Arbitrary file access through custom VMDK flat descriptor
Reporter: Sébastien Meriot (OVH)
Products: Cinder, Glance, Nova
Affects: Cinder <19.1.2, >=20.0.0 <20.0.2, ==21.0.0; Glance <23.0.1, >=24.0.0 <24.1.1, ==25.0.0; Nova <24.1.2, >=25.0.0 <25.0.2, ==26.0.0
Description:
Sébastien Meriot (OVH) reported a vulnerability in VMDK image processing for Cinder, Glance and Nova.
By supplying a specially created VMDK flat image which references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server resulting in unauthorized access to potentially sensitive data.
All Cinder deployments are affected; only Glance deployments with image conversion enabled are affected; all Nova deployments are affected.