GHSA-qhch-g8qr-p497

Suggest an improvement
Source
https://github.com/advisories/GHSA-qhch-g8qr-p497
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qhch-g8qr-p497/GHSA-qhch-g8qr-p497.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-qhch-g8qr-p497
Aliases
Published
2022-05-17T04:21:11Z
Modified
2024-12-04T05:26:59.141247Z
Summary
OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Details

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

Database specific
{
    "nvd_published_at": "2014-10-08T19:55:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-08T19:51:20Z"
}
References

Affected packages

PyPI / cinder

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2014.1.3

Affected versions

10.*

10.0.8

11.*

11.2.0
11.2.1
11.2.2

12.*

12.0.4
12.0.5
12.0.6
12.0.7
12.0.8
12.0.9
12.0.10

13.*

13.0.1
13.0.2
13.0.3
13.0.4
13.0.5
13.0.6
13.0.7
13.0.8
13.0.9

14.*

14.0.0.0rc1
14.0.0.0rc2
14.0.0
14.0.1
14.0.2
14.0.3
14.0.4
14.1.0
14.2.0
14.2.1
14.3.0
14.3.1

15.*

15.0.0.0rc1
15.0.0.0rc2
15.0.0
15.0.1
15.1.0
15.2.0
15.3.0
15.4.0
15.4.1
15.5.0
15.6.0

16.*

16.0.0.0b1
16.0.0.0rc1
16.0.0.0rc2
16.0.0.0rc3
16.0.0
16.1.0
16.2.0
16.2.1
16.3.0
16.4.0
16.4.1
16.4.2

17.*

17.0.0.0rc1
17.0.0.0rc2
17.0.0
17.0.1
17.1.0
17.2.0
17.3.0
17.4.0

18.*

18.0.0.0b1
18.0.0.0rc1
18.0.0.0rc2
18.0.0
18.1.0
18.2.0
18.2.1

19.*

19.0.0.0b1
19.0.0.0rc1
19.0.0.0rc2
19.0.0
19.1.0
19.1.1
19.2.0
19.3.0

20.*

20.0.0.0rc1
20.0.0.0rc2
20.0.0
20.0.1
20.1.0
20.2.0
20.3.0
20.3.1
20.3.2

21.*

21.0.0.0rc2
21.0.0
21.1.0
21.2.0
21.3.0
21.3.1
21.3.2

22.*

22.0.0.0rc1
22.0.0.0rc2
22.0.0
22.1.0
22.1.1
22.1.2
22.2.0
22.3.0

23.*

23.0.0.0rc1
23.0.0.0rc2
23.0.0
23.1.0
23.2.0
23.3.0

24.*

24.0.0.0rc1
24.0.0.0rc2
24.0.0
24.1.0
24.2.0

25.*

25.0.0.0rc1
25.0.0.0rc2
25.0.0