cinder
PyPI
9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting cinder
- CVE-2013-2255 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 7.0.0a0 | 2019-11-01
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
- CVE-2013-4183 | NONE | CVSS 0.0 | ✓ Fixed in 7.0.0a0 | 2013-09-16
The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.
- CVE-2013-4202 | NONE | CVSS 0.0 | ✓ Fixed in 7.0.0a0 | 2013-09-16
The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allow remote attackers to cause a denial of service (resource consumption and crash) via an…
- CVE-2014-3641 | NONE | CVSS 0.0 | ✓ Fixed in 2014.1.3 | 2014-10-08
vulnerable: 10.0.8 ... 25.0.0.0rc2 (116 versions)
The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allow remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.
- CVE-2015-1851 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 7.0.0a0 | 2015-06-25
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image co…
- CVE-2015-5162 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 9.0.0 | 2016-10-07
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory…
- CVE-2020-10755 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 16.1.0 | 2020-06-10
vulnerable: 10.0.8 ... 16.0.0 (31 versions)
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16…
- CVE-2022-47951 | MEDIUM | CVSS 5.7 | EG 5.7 | ✓ Fixed in 20.0.2 | 2023-01-26
vulnerable: 20.0.0, 20.0.1
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK …
- CVE-2024-32498 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-07-05
vulnerable: 10.0.8 ... 24.0.0.0rc2 (113 versions)
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data fi…