Cinder

CVEs related to bugs in Cinder

Open bugs

There are no CVEs related to bugs open in Cinder.

Resolved bugs

Bug	CVE(s)
Bug #1050359: Tests fail on 32bit machines (_get_hash_str is platform dependent)	CVE-2012-5625
Cinder	Fix released, assigned to Ben Swartzlander
Bug #1053364: Add SIGPIPE handler to subprocess execution in rootwrap and utils.execute	CVE-2012-5625
Cinder	Fix released, assigned to Thierry Carrez
Bug #1065702: After folsom upgrade, instances can no longer access existing volumes.	CVE-2012-5625
Cinder	Fix released, assigned to John Griffith
Bug #1071536: typo prevents volume_tmp_dir flag from working	CVE-2012-5625
Cinder	Fix released, assigned to Josh Durgin
Bug #1073569: Jenkins jobs fail because of incompatibility between sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1	CVE-2012-4573 CVE-2012-5563 CVE-2012-5571
Cinder	Fix released, assigned to Sean Dague
Bug #1083818: Detached and deleted RBD volumes remain associated with instance	CVE-2012-5625
Cinder	Fix released, assigned to Adam Gandelman
Bug #1100282: [OSSA 2013-004] DoS through XML entity expansion (CVE-2013-1664)	CVE-2013-1664
Cinder	Fix released, assigned to Dan Prince
Bug #1150720: [SRU] There is now a dependency on paramiko v1.8.0	CVE-2013-1664
Cinder	Fix released, assigned to Avishay Traeger
Bug #1177924: Use testr instead of nose as the unittest runner.	CVE-2016-0738
Cinder	Fix released, assigned to Michael Kerrin
Bug #1188189: Some server-side 'SSL' communication fails to check certificates (use of HTTPSConnection)	CVE-2013-2255
Cinder	Fix released, assigned to Ibad Khan
Bug #1190229: [OSSA 2013-023] Potential unsafe XML usage (CVE-2013-4179, CVE-2013-4202)	CVE-2013-4179 CVE-2013-4202
Cinder	Fix released, assigned to Thierry Carrez
Bug #1198185: [OSSA 2013-021] Cinder LVM volume driver does not support secure deletion (CVE-2013-4183)	CVE-2013-4183
Cinder	Fix released, assigned to Rongze Zhu
Bug #1341954: suds client subject to cache poisoning by local attacker	CVE-2013-2217
Cinder	Fix released, assigned to Vipin Balachandran
Bug #1343604: Exceptions thrown, and messages logged by execute() may include passwords (CVE-2014-7230)	CVE-2014-7230
Cinder	Fix released, assigned to Jay Bryant
Bug #1350504: [OSSA 2014-033] GlusterFS driver uses unsafe qcow2 format detection (CVE-2014-3641)	CVE-2014-3641
Cinder	Fix released, assigned to Eric Harney
Bug #1377981: [OSSA 2014-036] Missing fix for ssh_execute (Exceptions thrown may contain passwords) (CVE-2014-7230, CVE-2014-7231)	CVE-2014-7230 CVE-2014-7231
Cinder	Fix released, assigned to Tristan Cacqueray
Bug #1415087: [OSSA 2015-011] Format-guessing and file disclosure in image convert (CVE-2015-1850, CVE-2015-1851)	CVE-2015-1850 CVE-2015-1851
Cinder	Fix released, assigned to Eric Harney
Bug #1449062: [OSSA 2016-012] qemu-img calls need to be restricted by ulimit (CVE-2015-5162)	CVE-2015-1850 CVE-2015-1851 CVE-2015-5162
Cinder	Fix released, assigned to Sean McGinnis
Bug #1529836: Fix deprecated library function (os.popen()).	CVE-2016-0738
Cinder	Fix released, assigned to Harshada Mangesh Kakad
Bug #1699573: ScaleIO volumes contain previous data	CVE-2017-15139
Cinder	Fix released, assigned to tssgery
Bug #1784871: ScaleIO (thin) volumes contain previous data (follow-up to 1699573)	CVE-2017-15139
Cinder	Fix released, assigned to Matan Sabag
Bug #1816468: [SRU] Acceleration cinder - glance with ceph not working	CVE-2019-14433
Cinder	Fix released, assigned to Michal Arbet
Bug #1823200: Improper handling of ScaleIO backend credentials	CVE-2020-10755
Cinder	Fix released, assigned to Sean McGinnis
Bug #1945500: [SRU] It's not possible to upload a volume that was build from an image back to glance, if multistore (glance) is enabled.	CVE-2023-2088
Cinder	Fix released (unassigned)
Bug #1996188: [OSSA-2023-002] Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951)	CVE-2022-47951
Cinder	Fix released (unassigned)
Bug #2004555: [OSSA-2023-003] Unauthorized volume access through deleted volume attachments (CVE-2023-2088)	CVE-2023-2088
Cinder	Fix released (unassigned)