Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1xaGNoLWc4cXItcDQ5N84AAd_A

OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

Permalink: https://github.com/advisories/GHSA-qhch-g8qr-p497
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xaGNoLWc4cXItcDQ5N84AAd_A
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago

Identifiers: GHSA-qhch-g8qr-p497, CVE-2014-3641
References:

Blast Radius: 0.0

Affected Packages

pypi:cinder

Dependent packages: 1
Dependent repositories: 12
Downloads: 5,053 last month
Affected Version Ranges: < 2014.1.3
Fixed in: 2014.1.3
All affected versions: 10.0.8, 11.2.0, 11.2.1, 11.2.2, 12.0.4, 12.0.5, 12.0.6, 12.0.7, 12.0.8, 12.0.9, 12.0.10, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.0.7, 13.0.8, 13.0.9, 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.1.0, 14.2.0, 14.2.1, 14.3.0, 14.3.1, 15.0.0, 15.0.1, 15.1.0, 15.2.0, 15.3.0, 15.4.0, 15.4.1, 15.5.0, 15.6.0, 16.0.0, 16.1.0, 16.2.0, 16.2.1, 16.3.0, 16.4.0, 16.4.1, 16.4.2, 17.0.0, 17.0.1, 17.1.0, 17.2.0, 17.3.0, 17.4.0, 18.0.0, 18.1.0, 18.2.0, 18.2.1, 19.0.0, 19.1.0, 19.1.1, 19.2.0, 19.3.0, 20.0.0, 20.0.1, 20.1.0, 20.2.0, 20.3.0, 20.3.1, 20.3.2, 21.0.0, 21.1.0, 21.2.0, 21.3.0, 21.3.1, 21.3.2, 22.0.0, 22.1.0, 22.1.1, 22.1.2, 23.0.0, 23.1.0, 24.0.0
All unaffected versions: