Waldi

**Name of the Vulnerable Software and Affected Versions** OpenStack Cinder versions prior to 2014.1.5 OpenStack Cinder versions 2014.2.x prior to 2014.2.4 OpenStack Cinder versions 2015.1.x prior to 2015.1.1 **Description** The issue allows remote authenticated users to read arbitrary files by crafting a qcow2 signature in an image to the upload-to-image command. **Recommendations** For versions prior to 2014.1.5, update to version 2014.1.5 or later. For versions 2014.2.x prior to 2014.2.4, update to version 2014.2.4 or later. For versions 2015.1.x prior to 2015.1.1, update to version 2015.1.1 or later.