CVE-2024-40767 is a medium-severity vulnerability affecting OpenStack Nova, a core component of the OpenStack cloud computing platform responsible for provisioning and managing virtual machines. The issue arises when Nova processes raw format images that are actually crafted QCOW2 images with backing file paths or VMDK flat images with descriptor file paths. By supplying such a crafted image, an authenticated user with low privileges can trick the system into reading and returning the contents of arbitrary files referenced by these backing or descriptor paths. This leads to unauthorized disclosure of potentially sensitive server-side files. The vulnerability is a result of an incomplete remediation of earlier related vulnerabilities (CVE-2022-47951 and CVE-2024-32498) that also involved improper handling of image backing files. Since Nova is widely deployed in private and public clouds, this flaw can expose sensitive configuration files, credentials, or other critical data stored on the server hosting Nova. Exploitation requires authentication but no user interaction, and the attack vector is network-based, making remote exploitation feasible within the authenticated user base. No patches were linked in the provided data, but fixed versions are identified as 27.4.1, 28.2.1, and 29.1.1. The vulnerability is categorized under CWE-552 (Files or Directories Accessible to External Parties), emphasizing unauthorized file disclosure risks.

For European organizations relying on OpenStack Nova for their cloud infrastructure, this vulnerability poses a significant risk of unauthorized data exposure. Sensitive information such as configuration files, private keys, credentials, or proprietary data stored on the Nova server could be leaked to authenticated but unauthorized users. This could lead to further compromise, including privilege escalation, lateral movement, or data breaches impacting confidentiality and potentially availability if attackers leverage disclosed information to disrupt services. Given the widespread adoption of OpenStack in European public and private sectors, including government, finance, and telecommunications, the impact could be substantial. Organizations with multi-tenant environments are particularly at risk, as attackers could access data belonging to other tenants. The medium CVSS score reflects moderate ease of exploitation balanced against the requirement for authentication and the scope of impact. However, the potential for sensitive data leakage makes this a critical concern for compliance with GDPR and other data protection regulations in Europe.

European organizations should prioritize upgrading OpenStack Nova to versions 27.4.1, 28.2.1, or 29.1.1 or later, where this vulnerability is fixed. Until patches are applied, strict access controls should be enforced to limit authenticated user privileges, minimizing the number of users able to upload or manipulate VM images. Implement rigorous monitoring and logging of image upload activities to detect anomalous or suspicious image formats, especially those involving QCOW2 or VMDK images with backing files. Employ network segmentation to isolate management interfaces and restrict image upload capabilities to trusted administrators. Conduct thorough audits of existing images to identify and remove any potentially malicious or crafted images. Additionally, review and harden Nova configuration settings related to image handling and file access. Organizations should also consider deploying runtime security tools that can detect unusual file access patterns or attempts to read unauthorized files. Finally, maintain an incident response plan tailored to cloud infrastructure compromises to quickly contain any exploitation attempts.