CVE-2014-3641

Published: Oct 8, 2014Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

Affected (2)

Products: Openstack: Cinder

Openstack

1 product

Cinder

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Cinder	Up to 2014.1.2
Openstack Cinder	Version 2014.1.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://rhn.redhat.com/errata/RHSA-2014-1787.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-1788.html

Source: secalert@redhat.com

http://seclists.org/oss-sec/2014/q4/78

Source: secalert@redhat.com

http://www.securityfocus.com/bid/70221

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2405-1

Source: secalert@redhat.com

https://bugs.launchpad.net/cinder/+bug/1350504

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2014-1787.html