4 matches found
openstack-cinder: Host file disclosure through qcow2 backing file
A flaw was found in the OpenStack Block Storage cinder upload-to-image functionality. When processing a malicious qcow2 header, cinder could be tricked into reading an arbitrary file from the cinder host...
OpenStack Cinder Information Disclosure Vulnerability (CNVD-2015-04083)
Cinder is OpenStack's chunked storage service. A security vulnerability exists in OpenStack Cinder, which can be exploited by an authenticated remote user to read arbitrary files by using a constructed graphical qcow2 signature within the upload-to-image command...
DEBIAN-CVE-2015-1851
OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...
UBUNTU-CVE-2015-1851
OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...