Search CVE reports
1 – 10 of 14 results
CVE-2024-32498
Medium prioritySome fixes available 15 of 21
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references...
3 affected packages
cinder, glance, nova
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cinder | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| glance | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| nova | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-2088
Medium prioritySome fixes available 10 of 30
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their...
5 affected packages
cinder, ironic, nova, python-glance-store, python-os-brick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cinder | — | Fixed | Ignored | Ignored | Ignored |
| ironic | — | Fixed | Ignored | Ignored | Ignored |
| nova | — | Fixed | Ignored | Ignored | Ignored |
| python-glance-store | — | Fixed | Ignored | Ignored | Ignored |
| python-os-brick | — | Fixed | Ignored | Ignored | Ignored |
CVE-2022-47951
Medium prioritySome fixes available 23 of 25
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially...
3 affected packages
cinder, glance, nova
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cinder | Fixed | Fixed | Fixed | Fixed | Vulnerable |
| glance | Fixed | Fixed | Fixed | Not affected | Not affected |
| nova | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2020-10755
Low prioritySome fixes available 4 of 17
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions...
2 affected packages
cinder, python-os-brick
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cinder | Not affected | Not affected | Fixed | Fixed | Vulnerable |
| python-os-brick | Not affected | Not affected | Fixed | Fixed | Vulnerable |
CVE-2013-2255
Low priorityHTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
6 affected packages
cinder, keystone, nova, python-keystoneclient, quantum, swift
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cinder | — | — | — | — | — |
| keystone | — | — | — | — | — |
| nova | — | — | — | — | — |
| python-keystoneclient | — | — | — | — | — |
| quantum | — | — | — | — | — |
| swift | — | — | — | — | — |
CVE-2017-15139
Low prioritySome fixes available 14 of 15
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using...
1 affected packages
cinder
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cinder | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2015-1851
Medium prioritySome fixes available 1 of 2
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the...
1 affected packages
cinder
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cinder | — | — | — | — | — |
CVE-2014-7230
Low prioritySome fixes available 2 of 15
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
3 affected packages
cinder, nova, trove
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cinder | — | — | — | Not affected | Not affected |
| nova | — | — | — | Not affected | Not affected |
| trove | — | — | — | Ignored | Ignored |
CVE-2014-3641
Medium priorityThe (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.
1 affected packages
cinder
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cinder | — | — | — | — | — |
CVE-2013-1068
Medium priorityThe OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0...
2 affected packages
cinder, nova
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cinder | — | — | — | — | — |
| nova | — | — | — | — | — |