Vulnerability	Vulnerable Version
C Improper Input Validation cinder is a storage service for an open cloud computing service Affected versions of this package are vulnerable to Improper Input Validation in `QCOW2` image processing. An authenticated user may convince systems to return a copy of that file's contents from the server resulting in unauthorized access to potentially sensitive data and unbounded memory/CPU consumption. Note: All Cinder deployments are affected; only Glance deployments with image conversion enabled are affected; all Nova deployments are affected. How to fix Improper Input Validation? Upgrade `cinder` to version 22.2.0, 23.2.0, 24.1.0 or higher.	[,22.2.0)[23.0.0,23.2.0)[24.0.0,24.1.0)
M Expected Behavior Violation cinder is a storage service for an open cloud computing service Affected versions of this package are vulnerable to Expected Behavior Violation. A remote, authenticated attacker can exploit this vulnerability by detaching one of their volumes from Cinder. How to fix Expected Behavior Violation? Upgrade `cinder` to version 23.0.0.0rc1 or higher.	[,23.0.0.0rc1)
M Information Exposure cinder is a storage service for an open cloud computing service Affected versions of this package are vulnerable to Information Exposure when supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. How to fix Information Exposure? Upgrade `cinder` to version 21.1.0 or higher.	[0,21.1.0)

Go back to all versions of this package