Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenStack Cinder 信息泄露漏洞
Vulnerability Description
OpenStack是美国国家航空航天局(National Aeronautics and Space Administration)和美国Rackspace公司合作研发的一个云平台管理项目。Cinder为其提供块存储服务功能。 OpenStack Cinder中存在安全漏洞。远程攻击者可借助上传的图像中特制的qcow2签名利用该漏洞读取任意文件。以下版本受到影响:OpenStack Cinder 2014.1.5(icehouse)之前版本,2014.2.4(juno)之前2014.2.x版本,2015.
CVSS Information
N/A
Vulnerability Type
N/A