4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
60.2%
The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.
rhn.redhat.com/errata/RHSA-2014-1787.html
rhn.redhat.com/errata/RHSA-2014-1788.html
seclists.org/oss-sec/2014/q4/78
www.ubuntu.com/usn/USN-2405-1
access.redhat.com/errata/RHSA-2014:1787
access.redhat.com/errata/RHSA-2014:1788
access.redhat.com/security/cve/CVE-2014-3641
bugs.launchpad.net/cinder/+bug/1350504
bugzilla.redhat.com/show_bug.cgi?id=1141996
github.com/advisories/GHSA-qhch-g8qr-p497
nvd.nist.gov/vuln/detail/CVE-2014-3641
web.archive.org/web/20200228053848/www.securityfocus.com/bid/70221