{"id":5013,"date":"2025-04-24T09:46:24","date_gmt":"2025-04-24T07:46:24","guid":{"rendered":"https:\/\/yaook.cloud\/?page_id=5013"},"modified":"2025-04-24T11:34:29","modified_gmt":"2025-04-24T09:34:29","slug":"security-advisories-cve-2024-32498","status":"publish","type":"page","link":"https:\/\/yaook.cloud\/en\/security-advisories-cve-2024-32498\/","title":{"rendered":"security-advisories\/cve-2024-32498"},"content":{"rendered":"
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

YAOOK Security Advisory for CVE-2024-32498<\/h1>
  • Date: 2024-07-02<\/li>
  • Upstream advisory: https:\/\/security.openstack.org\/ossa\/OSSA-2024-001.html<\/li>
  • Upstream bug report: https:\/\/bugs.launchpad.net\/bugs\/2059809<\/li><\/ul>

    What is CVE-2022-47951 and how does it affect YAOOK?<\/h2>

    Is my cluster vulnerable?<\/h2>

    The following images are vulnerable:<\/p>

    • cinder images before version 2.0.86<\/li>
    • glance images before 1.1.117<\/li>
    • nova images before 1.1.86<\/li>
    • nova-compute images before 4.1.114<\/li><\/ul>

      If any of these images are used in your cluster, the cluster is vulnerable.<\/p>

      Mitigating factors<\/h2>

      As all OpenStack services deployed via YAOOK run inside containers, the exposure possibilities are more limited than in non-containerised OpenStack deployments.<\/p>

      However, the vulnerability is still critical. If an attacker manages to exploit nova-compute, it is likely possible to exfiltrate disks and potentially also volumes from other workload running on the same or potentially also other hypervisors.<\/p>

      Upgrading<\/h2>

      A new stable release 0.20240703.0 (which is the same as 0.20240628.0 with only the patches applied) has been published today. You can upgrade to that release simply by updating your operators.<\/p>

      In case you have a large fleet of nova compute nodes, you may want to follow the following procedure in order to speed up the process:<\/p>

      - NOTE: This procedure bypasses several safety mechansims within YAOOK. Use at your own risk! It is similar to the impact of using yaookctl force-upgrade on all compute nodes.<\/p>

      1. Update all operators except the nova-compute-operator to the new release.<\/li>
      2. Reduce the replica count of the nova-compute-operator deployment to 0.<\/li>
      3. For each NovaComputeNode nova-compute statefulset, update the nova-compute image version to 4.1.114.<\/li>
      4. Wait for the StatefulSets to settle.<\/li>
      5. Update the nova-compute operator, while making sure that it is scaled back up to 1 replica.<\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

        YAOOK Security Advisory for CVE-2024-32498 Date: 2024-07-02 Upstream advisory: https:\/\/security.openstack.org\/ossa\/OSSA-2024-001.html Upstream bug report: https:\/\/bugs.launchpad.net\/bugs\/2059809 What is CVE-2022-47951 and how does it affect YAOOK? Is my cluster vulnerable? The following images are vulnerable: cinder images before version 2.0.86 glance images before 1.1.117 nova images before 1.1.86 nova-compute images before 4.1.114 If any of these images are […]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5013","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"\nsecurity-advisories\/cve-2024-32498 » Yaook<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/yaook.cloud\/en\/security-advisories-cve-2024-32498\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"security-advisories\/cve-2024-32498 » Yaook\" \/>\n<meta property=\"og:description\" content=\"YAOOK Security Advisory for CVE-2024-32498 Date: 2024-07-02 Upstream advisory: https:\/\/security.openstack.org\/ossa\/OSSA-2024-001.html Upstream bug report: https:\/\/bugs.launchpad.net\/bugs\/2059809 What is CVE-2022-47951 and how does it affect YAOOK? Is my cluster vulnerable? The following images are vulnerable: cinder images before version 2.0.86 glance images before 1.1.117 nova images before 1.1.86 nova-compute images before 4.1.114 If any of these images are […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/yaook.cloud\/en\/security-advisories-cve-2024-32498\/\" \/>\n<meta property=\"og:site_name\" content=\"Yaook\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-24T09:34:29+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2024-32498\\\/\",\"url\":\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2024-32498\\\/\",\"name\":\"security-advisories\\\/cve-2024-32498 » Yaook\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#website\"},\"datePublished\":\"2025-04-24T07:46:24+00:00\",\"dateModified\":\"2025-04-24T09:34:29+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2024-32498\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2024-32498\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/security-advisories-cve-2024-32498\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/yaook.cloud\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"security-advisories\\\/cve-2024-32498\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#website\",\"url\":\"https:\\\/\\\/yaook.cloud\\\/\",\"name\":\"Yaook\",\"description\":\"The Lifecycle Management Tool for OpenStack\",\"publisher\":{\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/yaook.cloud\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#organization\",\"name\":\"ALASCA e.V.\",\"alternateName\":\"Alasca - Verband f\u00fcr betriebsf\u00e4hige, offene Cloud-Infrastrukturen e.V.\",\"url\":\"https:\\\/\\\/yaook.cloud\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/alasca.cloud\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/favicon.png\",\"contentUrl\":\"https:\\\/\\\/alasca.cloud\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/favicon.png\",\"width\":512,\"height\":512,\"caption\":\"ALASCA e.V.\"},\"image\":{\"@id\":\"https:\\\/\\\/yaook.cloud\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"security-advisories\/cve-2024-32498 \u00bb Yaook","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/yaook.cloud\/en\/security-advisories-cve-2024-32498\/","og_locale":"en_GB","og_type":"article","og_title":"security-advisories\/cve-2024-32498 » Yaook","og_description":"YAOOK Security Advisory for CVE-2024-32498 Date: 2024-07-02 Upstream advisory: https:\/\/security.openstack.org\/ossa\/OSSA-2024-001.html Upstream bug report: https:\/\/bugs.launchpad.net\/bugs\/2059809 What is CVE-2022-47951 and how does it affect YAOOK? Is my cluster vulnerable? The following images are vulnerable: cinder images before version 2.0.86 glance images before 1.1.117 nova images before 1.1.86 nova-compute images before 4.1.114 If any of these images are […]","og_url":"https:\/\/yaook.cloud\/en\/security-advisories-cve-2024-32498\/","og_site_name":"Yaook","article_modified_time":"2025-04-24T09:34:29+00:00","twitter_card":"summary_large_image","twitter_misc":{"Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/yaook.cloud\/security-advisories-cve-2024-32498\/","url":"https:\/\/yaook.cloud\/security-advisories-cve-2024-32498\/","name":"security-advisories\/cve-2024-32498 \u00bb Yaook","isPartOf":{"@id":"https:\/\/yaook.cloud\/#website"},"datePublished":"2025-04-24T07:46:24+00:00","dateModified":"2025-04-24T09:34:29+00:00","breadcrumb":{"@id":"https:\/\/yaook.cloud\/security-advisories-cve-2024-32498\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/yaook.cloud\/security-advisories-cve-2024-32498\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/yaook.cloud\/security-advisories-cve-2024-32498\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/yaook.cloud\/"},{"@type":"ListItem","position":2,"name":"security-advisories\/cve-2024-32498"}]},{"@type":"WebSite","@id":"https:\/\/yaook.cloud\/#website","url":"https:\/\/yaook.cloud\/","name":"Yaook","description":"The Lifecycle Management Tool for OpenStack","publisher":{"@id":"https:\/\/yaook.cloud\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/yaook.cloud\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/yaook.cloud\/#organization","name":"ALASCA e.V.","alternateName":"Alasca - Verband f\u00fcr betriebsf\u00e4hige, offene Cloud-Infrastrukturen e.V.","url":"https:\/\/yaook.cloud\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/yaook.cloud\/#\/schema\/logo\/image\/","url":"https:\/\/alasca.cloud\/wp-content\/uploads\/2022\/08\/favicon.png","contentUrl":"https:\/\/alasca.cloud\/wp-content\/uploads\/2022\/08\/favicon.png","width":512,"height":512,"caption":"ALASCA e.V."},"image":{"@id":"https:\/\/yaook.cloud\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages\/5013","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/comments?post=5013"}],"version-history":[{"count":8,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages\/5013\/revisions"}],"predecessor-version":[{"id":5050,"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/pages\/5013\/revisions\/5050"}],"wp:attachment":[{"href":"https:\/\/yaook.cloud\/en\/wp-json\/wp\/v2\/media?parent=5013"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}