Data Exposure Risk in OpenStack Cinder Affected by GlusterFS and Smbfs Drivers
CVE-2014-3641
Currently unrated
Summary
A vulnerability in OpenStack Cinder's GlusterFS and Linux Smbfs drivers allows remote authenticated users to exploit crafted qcow2 headers. This exploitation enables attackers to clone and attach volumes, resulting in unauthorized access to sensitive file data on the Cinder-volume host. The issue was present in versions of Cinder prior to 2014.1.3, emphasizing the importance of keeping software up-to-date to mitigate potential security risks.
References
Timeline
Vulnerability published
Vulnerability Reserved