Openstack · Openstack Cinder · CVE-2014-3641
**Name of the Vulnerable Software and Affected Versions**
OpenStack Cinder versions prior to 2014.1.3
**Description**
The issue allows remote authenticated users to obtain file data from the Cinder-volume host. This is achieved by cloning and attaching a volume with a crafted qcow2 header, exploiting the GlusterFS and Linux Smbfs drivers in OpenStack Cinder.
**Recommendations**
For versions prior to 2014.1.3, update to version 2014.1.3 or later to resolve the issue.