Data Exposure Risk in OpenStack Cinder Affected by GlusterFS and Smbfs Drivers
CVE-2014-3641

Currently unrated

Key Information:

Vendor: Openstack
Status: Cinder
Vendor: CVE Published:; 8 October 2014

Summary

A vulnerability in OpenStack Cinder's GlusterFS and Linux Smbfs drivers allows remote authenticated users to exploit crafted qcow2 headers. This exploitation enables attackers to clone and attach volumes, resulting in unauthorized access to sensitive file data on the Cinder-volume host. The issue was present in versions of Cinder prior to 2014.1.3, emphasizing the importance of keeping software up-to-date to mitigate potential security risks.

References

http://rhn.redhat.com/errata/RHSA-2014-1788.html

vendor-advisoryx_refsource_REDHAT

http://seclists.org/oss-sec/2014/q4/78

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/70221

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 8, 2014
Vulnerability Reserved
May 14, 2014