openstack-glance: Glance v2 API host file disclosure through qcow2 backing file
A flaw was found in the OpenStack Image Service glance import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected by this flaw...