Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "cinder-api", "binary_version": "2:16.4.2-0ubuntu2.8" }, { "binary_name": "cinder-backup", "binary_version": "2:16.4.2-0ubuntu2.8" }, { "binary_name": "cinder-common", "binary_version": "2:16.4.2-0ubuntu2.8" }, { "binary_name": "cinder-scheduler", "binary_version": "2:16.4.2-0ubuntu2.8" }, { "binary_name": "cinder-volume", "binary_version": "2:16.4.2-0ubuntu2.8" }, { "binary_name": "python3-cinder", "binary_version": "2:16.4.2-0ubuntu2.8" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "cinder-api", "binary_version": "2:20.3.1-0ubuntu1.4" }, { "binary_name": "cinder-backup", "binary_version": "2:20.3.1-0ubuntu1.4" }, { "binary_name": "cinder-common", "binary_version": "2:20.3.1-0ubuntu1.4" }, { "binary_name": "cinder-scheduler", "binary_version": "2:20.3.1-0ubuntu1.4" }, { "binary_name": "cinder-volume", "binary_version": "2:20.3.1-0ubuntu1.4" }, { "binary_name": "python3-cinder", "binary_version": "2:20.3.1-0ubuntu1.4" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "cinder-api", "binary_version": "2:24.0.0-0ubuntu1.2" }, { "binary_name": "cinder-backup", "binary_version": "2:24.0.0-0ubuntu1.2" }, { "binary_name": "cinder-common", "binary_version": "2:24.0.0-0ubuntu1.2" }, { "binary_name": "cinder-scheduler", "binary_version": "2:24.0.0-0ubuntu1.2" }, { "binary_name": "cinder-volume", "binary_version": "2:24.0.0-0ubuntu1.2" }, { "binary_name": "python3-cinder", "binary_version": "2:24.0.0-0ubuntu1.2" } ] }