GHSA-9hcj-h2qc-689p

Suggest an improvement
Source
https://github.com/advisories/GHSA-9hcj-h2qc-689p
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9hcj-h2qc-689p/GHSA-9hcj-h2qc-689p.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-9hcj-h2qc-689p
Aliases
Published
2022-05-17T03:15:10Z
Modified
2024-05-14T21:41:49.029189Z
Summary
OpenStack Cinder file disclosure in image convert
Details

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

Database specific
{
    "nvd_published_at": "2015-06-25T16:59:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-14T21:25:56Z"
}
References

Affected packages

PyPI / cinder

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.0.0a0