Data Exposure Risk in OpenStack Cinder GlusterFS and Smbfs Drivers
CVE-2014-3641

Currently unrated

Key Information:

Vendor
OpenStack
Status
Vendor
CVE Published:
8 October 2014

Summary

A vulnerability in the GlusterFS and Linux Smbfs drivers of OpenStack Cinder lets a remote authenticated user clone and attach a volume that carries a crafted qcow2 header, which results in unauthorized access to sensitive file data on the Cinder-volume host. The issue is present in versions of Cinder prior to 2014.1.3, so affected deployments should be brought up to date.

Timeline

  • Vulnerability published

  • Vulnerability Reserved