FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-cinder -- data leak

Affected packages
py310-cinder <= 12.0.9
13.0.0 <= py310-cinder <= 13.0.9
14.0.0 <= py310-cinder <= 14.3.1
15.0.0 <= py310-cinder <= 15.6.0
16.0.0 <= py310-cinder <= 16.4.2
17.0.0 <= py310-cinder <= 17.4.0
18.0.0 <= py310-cinder <= 18.2.1
19.0.0 <= py310-cinder <= 19.2.0
20.0.0 <= py310-cinder <= 20.1.0
21.0.0 <= py310-cinder <= 21.1.0
22.0.0 <= py310-cinder <= 22.0.0.0rc2
py311-cinder <= 12.0.9
13.0.0 <= py311-cinder <= 13.0.9
14.0.0 <= py311-cinder <= 14.3.1
15.0.0 <= py311-cinder <= 15.6.0
16.0.0 <= py311-cinder <= 16.4.2
17.0.0 <= py311-cinder <= 17.4.0
18.0.0 <= py311-cinder <= 18.2.1
19.0.0 <= py311-cinder <= 19.2.0
20.0.0 <= py311-cinder <= 20.1.0
21.0.0 <= py311-cinder <= 21.1.0
22.0.0 <= py311-cinder <= 22.0.0.0rc2
py37-cinder <= 12.0.9
13.0.0 <= py37-cinder <= 13.0.9
14.0.0 <= py37-cinder <= 14.3.1
15.0.0 <= py37-cinder <= 15.6.0
16.0.0 <= py37-cinder <= 16.4.2
17.0.0 <= py37-cinder <= 17.4.0
18.0.0 <= py37-cinder <= 18.2.1
19.0.0 <= py37-cinder <= 19.2.0
20.0.0 <= py37-cinder <= 20.1.0
21.0.0 <= py37-cinder <= 21.1.0
22.0.0 <= py37-cinder <= 22.0.0.0rc2
py38-cinder <= 12.0.9
13.0.0 <= py38-cinder <= 13.0.9
14.0.0 <= py38-cinder <= 14.3.1
15.0.0 <= py38-cinder <= 15.6.0
16.0.0 <= py38-cinder <= 16.4.2
17.0.0 <= py38-cinder <= 17.4.0
18.0.0 <= py38-cinder <= 18.2.1
19.0.0 <= py38-cinder <= 19.2.0
20.0.0 <= py38-cinder <= 20.1.0
21.0.0 <= py38-cinder <= 21.1.0
22.0.0 <= py38-cinder <= 22.0.0.0rc2
py39-cinder <= 12.0.9
13.0.0 <= py39-cinder <= 13.0.9
14.0.0 <= py39-cinder <= 14.3.1
15.0.0 <= py39-cinder <= 15.6.0
16.0.0 <= py39-cinder <= 16.4.2
17.0.0 <= py39-cinder <= 17.4.0
18.0.0 <= py39-cinder <= 18.2.1
19.0.0 <= py39-cinder <= 19.2.0
20.0.0 <= py39-cinder <= 20.1.0
21.0.0 <= py39-cinder <= 21.1.0
22.0.0 <= py39-cinder <= 22.0.0.0rc2

Details

VuXML ID f4a94232-7864-4afb-bbf9-ff2dc8e288d1
Discovery 2022-05-17
Entry 2023-04-09

Duncan Thomas reports:

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allow remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

References

CVE Name CVE-2014-3641
URL https://osv.dev/vulnerability/GHSA-qhch-g8qr-p497