OpenStack Cinder vulnerabilities

2014-11-11T00:00:00
ID USN-2405-1
Type ubuntu
Reporter Ubuntu
Modified 2014-11-11T00:00:00

Description

Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS of Smbfs drivers. A remote authenticated user could exploit this to potentially obtain file contents from the compute host. (CVE-2014-3641)

Amrith Kumar discovered that OpenStack Cinder did not properly sanitize log message contents. Under certain circumstances, a local attacker with read access to Cinder log files could obtain access to sensitive information. (CVE-2014-7230)