CVE-2024-40767: OpenStack Nova Vulnerability Exposes Cloud Servers to Data Theft Risk
A critical vulnerability (CVE-2024-40767) has been discovered in OpenStack Nova, the core component of the open-source cloud computing platform that manages virtual servers. This flaw could allow unauthorized users to access sensitive data on cloud servers, posing a significant risk to organizations using the platform.
Details of the Vulnerability
The vulnerability stems from an incomplete fix for two earlier vulnerabilities (CVE-2022-47951 and CVE-2024-32498). An attacker could exploit this flaw by submitting specially crafted disk images in either QCOW2 or VMDK format. These images would trick Nova into returning the contents of arbitrary files on the server, potentially exposing confidential information.
This critical security issue was reported by Arnaud Morin from OVH.
Affected Versions
CVE-2024-40767 affects all Nova deployments running versions earlier than 27.4.1, 28.2.1, and 29.1.1. Organizations using older versions of Nova are strongly urged to upgrade immediately to protect their cloud infrastructure.
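The fixed releases above are one per release series, so a single "older than" comparison misjudges hosts (28.0.0 is newer than 27.4.1 but still affected). The following is an added example, not code from the article or from OpenStack, that classifies an inventory by series. It assumes upstream version strings; the host names are constructed, distribution packages with backported fixes are not recognised, and the "unlisted" result for series the article does not name is this example's own convention.

```python
import re

# Fixed releases named in the article, keyed by Nova major version (one per series).
FIXED = {27: (27, 4, 1), 28: (28, 2, 1), 29: (29, 1, 1)}

def parse_version(text):
    """Split '28.0.1' or '29.1.1.dev3' into ((major, minor, patch), is_prerelease)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)(\S*)", text)
    if not m:
        raise ValueError(f"unrecognised Nova version: {text!r}")
    release = tuple(int(part) for part in m.group(1, 2, 3))
    # A dev/rc/alpha/beta suffix sorts before the plain release of the same number.
    prerelease = re.match(r"\.?(dev|rc|a|b)\d*", m.group(4)) is not None
    return release, prerelease

def classify(text):
    """Return 'affected', 'fixed' or 'unlisted' for one upstream version string."""
    release, prerelease = parse_version(text)
    major = release[0]
    if major in FIXED:
        fixed = FIXED[major]
        patched = release > fixed or (release == fixed and not prerelease)
        return "fixed" if patched else "affected"
    if major < min(FIXED):
        return "affected"   # older series: the article names no fixed release for it
    return "unlisted"       # assumption: series newer than the article covers

def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(version) for host, version in inventory.items()}

# Constructed inventory (host names and versions are made up for the example).
SAMPLE = {
    "compute-01": "27.4.1",
    "compute-02": "28.0.0",
    "compute-03": "29.1.1.dev3",
    "compute-04": "26.2.2",
    "compute-05": "30.0.0",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:14} {status}")
```

Hosts reported as "unlisted" need checking against the vendor advisory, since the article gives no fixed version for those series.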
Impact and Mitigation
Although exploiting the vulnerability requires authentication, the potential impact is severe. Unauthorized access to server files could lead to data breaches, intellectual property theft, or even complete system compromise. OpenStack has released patches to address the issue, and administrators should prioritize applying these updates as soon as possible.
Additional Concerns
Beyond applying patches, administrators should be aware that malicious images might already be present in Nova’s cache and can remain there even after patching. There is currently no definitive guidance on identifying and removing these images. Administrators are cautioned against using unpatched versions of the ‘qemu-img’ tool for this purpose, as the tool itself could be vulnerable to exploitation (QEMU CVE-2024-4467).