OpenStack · OpenStack Glance · CVE-2024-32498
**Name of the Vulnerable Software and Affected Versions**
OpenStack Cinder versions through 24.0.0
OpenStack Glance versions before 28.0.2
OpenStack Nova versions before 29.0.3
**Description**
An issue was discovered in OpenStack that allows arbitrary file access via custom QCOW2 external data. The QCOW2 v3 format lets an image declare that its guest data lives in a separate "external data file" named in the header rather than in the image itself. When Cinder, Glance or Nova pass a user-supplied image to qemu-img for conversion, qemu-img follows that reference on the server, so an authenticated user who uploads a crafted QCOW2 image naming a specific host path (for example a credentials or key file readable by the service account) receives a copy of that file's contents in the resulting volume, image or instance disk, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected. The page estimates that over 12,500 exposed services are potentially affected.
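The following is an added illustration, not code from OpenStack or from the advisory, of what the crafted image looks like at the byte level and how an upload path can reject it before qemu-img ever opens it. It builds minimal QCOW2 v3 headers in memory (constructed test data: one clean, one naming /etc/passwd as an external data file, one with a backing file), parses the header and its extensions, and refuses any image that references a file outside itself. Field offsets and the 0x44415441 "DATA" extension type follow the qcow2 specification shipped with QEMU; the `qemu-img info --output=json` dict at the end is a constructed sample of the shape QEMU emits, where the external data file is reported under `format-specific.data.data-file`. Function names are this example's own.

```python
"""Detect QCOW2 images that reference files on the host (CVE-2024-32498 class)."""
import struct

QCOW2_MAGIC = 0x514649FB                 # "QFI\xfb"
INCOMPAT_EXTERNAL_DATA_FILE = 1 << 2     # incompatible_features bit 2
EXT_EXTERNAL_DATA_FILE_NAME = 0x44415441 # "DATA" header extension
EXT_END = 0x00000000
V3_HEADER_LEN = 104

# qcow2 v3 header through header_length, all fields big-endian.
_HDR = struct.Struct(">IIQIIQIIQQIIQQQQII")


def build_qcow2(data_file=None, backing_file=None, size=1 << 20):
    """Return a minimal qcow2 v3 header (constructed test input, no real clusters)."""
    incompat, exts = 0, b""
    if data_file is not None:
        incompat |= INCOMPAT_EXTERNAL_DATA_FILE
        name = data_file.encode()
        exts += struct.pack(">II", EXT_EXTERNAL_DATA_FILE_NAME, len(name))
        exts += name + b"\0" * (-len(name) % 8)      # extensions are 8-byte padded
    exts += struct.pack(">II", EXT_END, 0)
    backing_off = backing_len = 0
    tail = b""
    if backing_file is not None:
        tail = backing_file.encode()
        backing_off, backing_len = V3_HEADER_LEN + len(exts), len(tail)
    hdr = _HDR.pack(QCOW2_MAGIC, 3, backing_off, backing_len, 16, size,
                    0, 0, 0, 0, 0, 0, 0, incompat, 0, 0, 4, V3_HEADER_LEN)
    return hdr + exts + tail


def inspect_qcow2(data):
    """Parse the header and return every file reference it carries."""
    if len(data) < 72 or struct.unpack_from(">I", data)[0] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    version, backing_off, backing_len = struct.unpack_from(">IQI", data, 4)
    info = {"version": version, "backing_file": None,
            "external_data_feature": False, "external_data_file": None}
    if backing_len:
        if backing_off + backing_len > len(data):
            raise ValueError("backing file name points outside the image")
        info["backing_file"] = data[backing_off:backing_off + backing_len].decode("utf-8", "replace")
    if version < 3:
        pos = 72                                    # v2: extensions follow the fixed header
    else:
        if len(data) < V3_HEADER_LEN:
            raise ValueError("truncated qcow2 v3 header")
        incompat = struct.unpack_from(">Q", data, 72)[0]
        pos = max(struct.unpack_from(">I", data, 100)[0], V3_HEADER_LEN)
        info["external_data_feature"] = bool(incompat & INCOMPAT_EXTERNAL_DATA_FILE)
    while pos + 8 <= len(data):                     # walk header extensions to the end marker
        magic, length = struct.unpack_from(">II", data, pos)
        if magic == EXT_END:
            break
        if magic == EXT_EXTERNAL_DATA_FILE_NAME:
            info["external_data_file"] = data[pos + 8:pos + 8 + length].decode("utf-8", "replace")
        pos += 8 + (length + 7) // 8 * 8
    return info


def is_safe_to_convert(data):
    """Policy gate to run on an upload before handing it to qemu-img convert."""
    info = inspect_qcow2(data)
    if info["backing_file"] is not None:
        return False, "backing file not allowed: %r" % info["backing_file"]
    if info["external_data_feature"] or info["external_data_file"] is not None:
        return False, "external data file not allowed: %r" % info["external_data_file"]
    return True, "ok"


def qemu_img_info_references_host_files(info):
    """Same check against a parsed `qemu-img info --output=json` result."""
    fmt_data = (info.get("format-specific") or {}).get("data") or {}
    return bool(info.get("backing-filename") or fmt_data.get("data-file"))


# Constructed samples: a clean image, a crafted one reading /etc/passwd, a backing-file one.
CLEAN_IMAGE = build_qcow2()
CRAFTED_IMAGE = build_qcow2(data_file="/etc/passwd")
BACKING_IMAGE = build_qcow2(backing_file="/etc/shadow")
SAMPLE_QEMU_IMG_INFO = {   # constructed, in the shape qemu-img emits for CRAFTED_IMAGE
    "virtual-size": 1048576, "format": "qcow2",
    "format-specific": {"type": "qcow2",
                        "data": {"compat": "1.1", "data-file": "/etc/passwd",
                                 "data-file-raw": False}},
}

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_IMAGE), ("crafted", CRAFTED_IMAGE), ("backing", BACKING_IMAGE)):
        ok, why = is_safe_to_convert(img)
        print("%s: %s (%s)" % (name, "accept" if ok else "reject", why))
    print("qemu-img info flags crafted image:", qemu_img_info_references_host_files(SAMPLE_QEMU_IMG_INFO))
```

The raw-header check is the cheap first line of defence because it needs no qemu-img invocation at all; the JSON check is the shape of what the service can do after `qemu-img info` has run but before `qemu-img convert`. Rejecting the feature bit and the extension independently matters because a crafted header can set one without the other.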
**Recommendations**
For OpenStack Cinder versions through 24.0.0, update to a release later than 24.0.0 (24.0.1 or later) to resolve the issue.
For OpenStack Glance versions before 28.0.2, update to version 28.0.2 or later to resolve the issue. Only deployments with image conversion enabled are exploitable, but updating is recommended regardless so that enabling conversion later does not reintroduce the exposure.
For OpenStack Nova versions before 29.0.3, update to version 29.0.3 or later to resolve the issue.
Until the update is applied, reduce exposure by limiting image upload to trusted users, since exploitation requires an authenticated user who can supply a QCOW2 image, and, for Glance, by disabling the image conversion import plugin so that uploaded images are not passed to qemu-img.