Comment 132 for bug 2059809
Revision history for this message
| Luigi Toscano (ltoscano) wrote Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498) | #132 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Just for the record, I've tested the exploit for cinder described in #131 and the only difference is that the file is taken from wherever the cinder volume used to create that volume runs (in my case, a container on one of the controllers), while the exploits described initially which involve nova and glance exposes files from the nova compute node.