GHSA-qhch-g8qr-p497

Source

https://github.com/advisories/GHSA-qhch-g8qr-p497

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qhch-g8qr-p497/GHSA-qhch-g8qr-p497.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qhch-g8qr-p497

Aliases

CVE-2014-3641

Published

2022-05-17T04:21:11Z

Modified

2023-11-08T03:57:40.002933Z

Summary

OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Details

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

References

Affected packages

PyPI / cinder

Package

Name: cinder; View open source insights on deps.dev
Purl: pkg:pypi/cinder

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2014.1.3

Affected versions

10.*

10.0.8

11.*

11.2.0

11.2.1

11.2.2

12.*

12.0.4

12.0.5

12.0.6

12.0.7

12.0.8

12.0.9

12.0.10

13.*

13.0.1

13.0.2

13.0.3

13.0.4

13.0.5

13.0.6

13.0.7

13.0.8

13.0.9

14.*

14.0.0.0rc1

14.0.0.0rc2

14.0.0

14.0.1

14.0.2

14.0.3

14.0.4

14.1.0

14.2.0

14.2.1

14.3.0

14.3.1

15.*

15.0.0.0rc1

15.0.0.0rc2

15.0.0

15.0.1

15.1.0

15.2.0

15.3.0

15.4.0

15.4.1

15.5.0

15.6.0

16.*

16.0.0.0b1

16.0.0.0rc1

16.0.0.0rc2

16.0.0.0rc3

16.0.0

16.1.0

16.2.0

16.2.1

16.3.0

16.4.0

16.4.1

16.4.2

17.*

17.0.0.0rc1

17.0.0.0rc2

17.0.0

17.0.1

17.1.0

17.2.0

17.3.0

17.4.0

18.*

18.0.0.0b1

18.0.0.0rc1

18.0.0.0rc2

18.0.0

18.1.0

18.2.0

18.2.1

19.*

19.0.0.0b1

19.0.0.0rc1

19.0.0.0rc2

19.0.0

19.1.0

19.1.1

19.2.0

20.*

20.0.0.0rc1

20.0.0.0rc2

20.0.0

20.0.1

20.1.0

21.*

21.0.0.0rc2

21.0.0

21.1.0

22.*

22.0.0.0rc1

22.0.0.0rc2

22.0.0