Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.
{ "availability": "No subscription needed", "binaries": [ { "python3-cinder": "2:20.1.0-0ubuntu1", "cinder-scheduler": "2:20.1.0-0ubuntu1", "cinder-backup": "2:20.1.0-0ubuntu1", "cinder-api": "2:20.1.0-0ubuntu1", "cinder-volume": "2:20.1.0-0ubuntu1", "cinder-common": "2:20.1.0-0ubuntu1" } ] }
{ "availability": "No subscription needed", "binaries": [ { "python3-cinder": "2:16.4.2-0ubuntu2.1", "cinder-scheduler": "2:16.4.2-0ubuntu2.1", "cinder-backup": "2:16.4.2-0ubuntu2.1", "cinder-api": "2:16.4.2-0ubuntu2.1", "cinder-volume": "2:16.4.2-0ubuntu2.1", "cinder-common": "2:16.4.2-0ubuntu2.1" } ] }