Emergency Security Vulnerability
Incident Report for Fuga Cloud
This incident has been resolved.
Posted Jan 25, 2023 - 21:01 CET
The fix is implemented for Region AMS2, which we will be monitoring. If you experience any problem we'd certainly like to hear from you via chat, phone or email (support@fuga.cloud)
Posted Jan 25, 2023 - 17:20 CET
We are continuing to work on a fix for this issue.
Posted Jan 25, 2023 - 11:11 CET
Update: There is NO IMPACT on RUNNING customer workloads, Volume storage and Object Storage

A team from OVH found a vulnerability in the VMDK image processing code and reported it to the OpenStack security team (https://cve.report/CVE-2022-47951).

At the moment we have closed our registration and APIs so that any abuse can be prevented. We are also investigating whether this vulnerability has been exploited at all. And at the same time, we are working on a patch to solve this problem.
We advise not to push any changes till further notice.
Our first priority is to get the AMS1 object store back, so impact for our customers will be as minimum as possible.

Apologies for any inconvenience.
Posted Jan 25, 2023 - 10:55 CET
This incident affected: Portal and Dashboard Services and Cloud API Services AMS.