OpenstackCinder

9 matches found

CVE
added 2023/01/26 12:0 a.m. | 134 views

CVE-2022-47951

CVE-2022-47951 affects OpenStack components (Cinder, Glance, Nova): by supplying a specially crafted VMDK flat image referencing a backing file path, an authenticated user could cause the server to return the contents of that backing file, enabling unauthorized data access. Affected ranges: Cinde...

5.7 CVSS | 5.1 AI score | 0.01025 EPSS

CVE
added 2024/07/05 12:0 a.m. | 102 views

CVE-2024-32498

CVE-2024-32498 affects OpenStack components: Cinder (up to 24.0.0), Glance (up to 28.0.2), and Nova (up to 29.0.3). The issue allows arbitrary file access via a crafted QCOW2 external data reference; an authenticated user can cause the server to return contents of a sensitive file by referencing ...

6.5 CVSS | 6.3 AI score | 0.00835 EPSS

CVE
added 2016/10/07 2:0 p.m. | 96 views

CVE-2015-5162

CVE-2015-5162 affects OpenStack Cinder, Glance, and Nova, where the image parser does not properly limit qemu-img calls. This can allow an unprivileged user to trigger a denial of service through crafted disk images, consuming RAM and disk space on the compute host. Affected v...

7.8 CVSS | 7 AI score | 0.03088 EPSS

CVE
added 2014/10/08 7:0 p.m. | 92 views

CVE-2014-3641

The CVE-2014-3641 issue affects OpenStack Cinder’s GlusterFS and Linux SMBFS drivers prior to 2014.1.3, enabling remote authenticated users to disclose file data from the Cinder-volume host by cloning and attaching a volume with a malicious qcow2 header. Public references note the remediation: up...

4 CVSS | 5.9 AI score | 0.0186 EPSS

CVE
added 2018/08/27 5:0 p.m. | 83 views

CVE-2017-15139

CVE-2017-15139 affects OpenStack Cinder up to Queens, specifically ScaleIO volumes using thin volumes with zero padding. The vulnerability can lead to leakage of sensitive data between tenants when new volumes are created in certain configurations. Public documentation in connected items confirms...

7.5 CVSS | 7.2 AI score | 0.01244 EPSS

CVE
added 2013/09/16 7:0 p.m. | 82 views

CVE-2013-4202

In OpenStack Cinder (Grizzly, 2013.1.3 and earlier), the backup (api/contrib/backups.py) and volume_transfer (contrib/volume_transfer.py) APIs are vulnerable to XML Entity Expansion (XEE), leading to remote DoS (resource consumption and crash). Root cause is an incomplete fix for CVE-2013-1664 in the XM...

4.3 CVSS | 6.4 AI score | 0.02604 EPSS

CVE
added 2013/09/16 7:0 p.m. | 74 views

CVE-2013-4183

CVE-2013-4183 concerns OpenStack Cinder (LVMVolumeDriver) where the clear_volume routine used when deleting a snapshot does not properly clear data, potentially allowing local users to access sensitive information. The vulnerability affects OpenStack Cinder releases 2013.1.1 through 2013.1.2. Con...

2.1 CVSS | 5.5 AI score | 0.00406 EPSS

CVE
added 2014/10/08 7:0 p.m. | 65 views

CVE-2014-7231

CVE-2014-7231 is an issue in the OpenStack Oslo utility library that affects Cinder, Nova, and Trove versions before 2013.2.4, and 2014.1 versions before 2014.1.3. The strutils.mask_password() function did not properly mask passwords in command logs, enabling a local user with read access to logs to retrieve passwords. Reme...

2.1 CVSS | 6.1 AI score | 0.00528 EPSS

CVE
added 2014/10/08 7:0 p.m. | 64 views

CVE-2014-7230

CVE-2014-7230 affects OpenStack components (oslo-incubator, Cinder, Nova, Trove). The vulnerability arises in processutils.execute where certain commands that trigger a ProcessExecutionError may write passwords to logs, allowing local attackers to read them. Mitigations involve upgrading to upstr...

2.1 CVSS | 6.1 AI score | 0.00469 EPSS