ALT-PU-2015-2872-1

Обновление пакета openstack-cinder в ветке sisyphus

Версия2015.1.0-alt0.b2.0

Задание#141666

Опубликовано2015-03-18

Макс. серьёзностьMEDIUM

Серьёзность:

Закрытые проблемы (5)

MEDIUM4.0

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

Опубликовано: 2014-10-08Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N

Ссылки

LOW2.1

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

Опубликовано: 2014-10-08Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

Ссылки

LOW2.1

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

Опубликовано: 2014-10-08Изменено: 2025-04-12

CVSS 2.0НИЗКАЯ 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

Ссылки

GHSA-qhch-g8qr-p497

NONE

OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Опубликовано: 2022-05-17Изменено: 2023-02-08

Ссылки

GHSA-v933-vx5p-j7w2

NONE

OpenStack Oslo utility sensitive information exposure via log files

Опубликовано: 2022-05-14Изменено: 2024-05-15

Ссылки