Remote File Data Disclosure in OpenStack Cinder

Remote File Data Disclosure in OpenStack Cinder

CVE-2014-3641 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.