CVE-2014-3641

CWE-200 — Information Exposure CWE-22 — Path Traversal11 documents8 sources

Severity

4.0MEDIUM

EPSS

0.3%

top 43.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Cinder

Timeline

PublishedOct 8

Latest updateMay 17

Description

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages4 packages

▶NVDopenstack/cinder2014.1.2+1

▶PyPIcinder< 2014.1.3

▶Debiancinder< 2014.1.3-1+3

▶Ubuntucinder< 1:2014.1.3-0ubuntu1.1

🔴Vulnerability Details

OSV

OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability↗2022-05-17

▶

GHSA

OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability↗2022-05-17

▶

OSV

cinder vulnerabilities↗2014-11-11

▶

OSV

CVE-2014-3641: The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014↗2014-10-08

▶

CVEList

CVE-2014-3641: The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014↗2014-10-08

▶

📋Vendor Advisories

Ubuntu

OpenStack Cinder vulnerabilities↗2014-11-11

▶

Red Hat

openstack-cinder: Cinder-volume host data leak to virtual machine instance↗2014-10-02

▶

Debian

CVE-2014-3641: cinder - The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1....↗2014

▶

💬Community

Bugzilla

CVE-2014-3641 openstack-cinder: Cinder-volume host data leak to virtual machine instance [fedora-all]↗2014-10-03

▶

Bugzilla

CVE-2014-3641 openstack-cinder: Cinder-volume host data leak to virtual machine instance↗2014-09-16

▶