CVE-2024-28717 is a vulnerability identified in the OpenStack Storlets yoga-eom project, specifically within the gateway.py component. The flaw is categorized under CWE-400, which relates to uncontrolled resource consumption or resource exhaustion. This vulnerability allows a remote attacker to execute arbitrary code indirectly by exploiting the gateway.py component, leading primarily to a denial of service condition. The CVSS 3.1 score of 4.9 (medium severity) reflects that the attack vector is network-based (AV:N), requires low attack complexity (AC:L), but demands high privileges (PR:H) and no user interaction (UI:N). The scope remains unchanged (S:U), and the impact is limited to availability (A:H) without affecting confidentiality or integrity. Although the description mentions arbitrary code execution, the CVSS vector and CWE classification suggest the primary impact is resource exhaustion causing service disruption rather than direct code execution or data compromise. No patches or exploits are currently available, indicating that the vulnerability is newly disclosed and may require further analysis and mitigation by OpenStack users.

The primary impact of CVE-2024-28717 is on the availability of systems running OpenStack Storlets yoga-eom, potentially causing denial of service through resource exhaustion. This can disrupt cloud services relying on OpenStack, affecting workloads and applications dependent on the affected component. Since the vulnerability requires high privileges, the risk is somewhat mitigated by existing access controls; however, if an attacker gains such access, they could disrupt service continuity. The lack of impact on confidentiality and integrity reduces risks related to data breaches or unauthorized data modification. Organizations with critical cloud infrastructure using OpenStack Storlets could face operational downtime, impacting business continuity and service level agreements.

To mitigate CVE-2024-28717, organizations should first monitor OpenStack Storlets project communications for official patches or updates addressing this vulnerability. In the absence of patches, administrators should restrict network access to the gateway.py component to trusted users only, enforce strict privilege management to prevent unauthorized high-privilege access, and implement resource usage limits or quotas to prevent resource exhaustion. Additionally, deploying runtime monitoring and anomaly detection can help identify unusual resource consumption patterns indicative of exploitation attempts. Regularly auditing and hardening OpenStack deployments, including disabling unnecessary components and applying the principle of least privilege, will further reduce exposure. Finally, maintaining up-to-date backups and incident response plans will help mitigate potential service disruptions.