VYPR
High severityNVD Advisory· Published Jul 5, 2024· Updated Nov 4, 2025

CVE-2024-32498

CVE-2024-32498

Description

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cinderPyPI
<= 24.0.0
glancePyPI
<= 28.0.1
novaPyPI
<= 29.0.2

Affected products

3

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.