CVE-2015-1851

OpenStack Cinder contains a vulnerability (CVE-2015-1851) where remote authenticated users could read arbitrary files via a crafted qcow2 header in the upload-to-image command. Affected series include OpenStack Cinder releases up to 2014.1.5 (icehouse), 2014.2.x up to 2014.2.4 (juno), and 2015.1....