OpenStack Nova Vulnerability Allows Hackers to Gain Unauthorized Access to Cloud Servers
A vulnerability in OpenStack's Nova component has been identified, potentially allowing hackers to gain unauthorized access to cloud servers.
This vulnerability, tracked as CVE-2024-40767, affects multiple versions of Nova and poses a serious risk to cloud infrastructure worldwide.
CVE-2024-40767 – OpenStack Nova Vulnerability
Arnaud Morin of OVH discovered the vulnerability, which affects Nova versions before 27.4.1, between 28.0.0 and 28.2.1, and between 29.0.0 and 29.1.1.
According to the OpenStack report, an authenticated user can exploit this flaw by supplying a raw format image that is a specially crafted QCOW2 image with a backing file path or a VMDK flat image with a descriptor file path.
This manipulation can cause systems to return a copy of the referenced file's contents from the server, leading to unauthorized access to potentially sensitive data.
Impact and Mitigation
All Nova deployments are affected by this vulnerability, making it crucial for administrators to take immediate action. The potential impact includes unauthorized access to sensitive data, which can in turn lead to data breaches and other security incidents.
To mitigate this vulnerability, patches have been made available for the following Nova release series:
- Patch for 2023.1/antelope
- Patch for 2023.2/bobcat
- Patch for 2024.1/caracal
- Patch for 2024.2/dalmatian
Administrators are strongly advised to apply these patches immediately to secure their systems against possible exploitation. Arnaud Morin from OVH, who reported the vulnerability, has been credited for his discovery.
The OpenStack community has responded swiftly by releasing the necessary patches and providing detailed guidance on securing affected systems.
As cloud technology continues to evolve, maintaining robust security measures remains essential. The discovery and quick handling of CVE-2024-40767 underscore the importance of vigilance and collaboration within the tech community to safeguard digital infrastructure.
Source credit : cybersecuritynews.com