Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie

Type deb

Namespace debian

Name cinder

Version 2:28.0.0-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4cvx-j5g1-23hx

vulnerability_id VCID-4cvx-j5g1-23hx

summary The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2013-1198.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-1198.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4183.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4183.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4183

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.3644
published_at	2026-04-02T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36298
published_at	2026-04-21T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36352
published_at	2026-04-18T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36368
published_at	2026-04-16T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36327
published_at	2026-04-13T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36349
published_at	2026-04-12T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36384
published_at	2026-04-11T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36377
published_at	2026-04-09T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36356
published_at	2026-04-08T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36308
published_at	2026-04-07T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36473
published_at	2026-04-04T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36251
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4183

reference_url

https://bugs.launchpad.net/cinder/+bug/1198185

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/cinder/+bug/1198185

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4183
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4183

reference_url

https://github.com/openstack/cinder

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder

reference_url

https://github.com/openstack/cinder/commit/0ee31073c5cb432a9cdd2648e99aa802b0ed0a17

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder/commit/0ee31073c5cb432a9cdd2648e99aa802b0ed0a17

reference_url

https://github.com/openstack/cinder/commit/68c597e26b5659a036a7a937622e539bac102308

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder/commit/68c597e26b5659a036a7a937622e539bac102308

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/cinder/PYSEC-2013-35.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/cinder/PYSEC-2013-35.yaml

reference_url

https://rhn.redhat.com/errata/RHSA-2013-1198.html

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rhn.redhat.com/errata/RHSA-2013-1198.html

reference_url

https://www.ubuntu.com/usn/USN-2005-1

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.ubuntu.com/usn/USN-2005-1

reference_url	http://www.ubuntu.com/usn/USN-2005-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2005-1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719010
reference_id	719010
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719010

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=994355
reference_id	994355
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=994355

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4183

reference_id

CVE-2013-4183

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4183

reference_url

https://github.com/advisories/GHSA-q3rw-wcj6-8cjf

reference_id

GHSA-q3rw-wcj6-8cjf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q3rw-wcj6-8cjf

reference_url	https://access.redhat.com/errata/RHSA-2013:1198
reference_id	RHSA-2013:1198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1198

reference_url	https://usn.ubuntu.com/2005-1/
reference_id	USN-2005-1
reference_type
scores
url	https://usn.ubuntu.com/2005-1/

fixed_packages

url	pkg:deb/debian/cinder@2013.1.2-4?distro=trixie
purl	pkg:deb/debian/cinder@2013.1.2-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2013.1.2-4%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

aliases CVE-2013-4183, GHSA-q3rw-wcj6-8cjf, PYSEC-2013-35

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cvx-j5g1-23hx

url VCID-7uus-f9pq-qkb5

vulnerability_id VCID-7uus-f9pq-qkb5

summary An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the ``connection_info`` element in all Block Storage v3 Attachments API calls containing that element. This flaw enables an end-user to create a volume, make an API call to show the attachment detail information, and retrieve a username and password that may be used to connect to another user's volume. Additionally, these credentials are valid for the ScaleIO or VxFlex OS Management API, should an attacker discover the Management API endpoint. Source: OpenStack project

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10755.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10755.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10755

reference_id

reference_type

scores

value	0.00182
scoring_system	epss
scoring_elements	0.40045
published_at	2026-04-16T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39937
published_at	2026-04-21T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.40016
published_at	2026-04-18T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54597
published_at	2026-04-07T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54618
published_at	2026-04-13T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54639
published_at	2026-04-12T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54656
published_at	2026-04-11T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54644
published_at	2026-04-09T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54649
published_at	2026-04-08T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54535
published_at	2026-04-01T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54605
published_at	2026-04-02T12:55:00Z

value	0.00315
scoring_system	epss
scoring_elements	0.54629
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10755

reference_url

https://bugs.launchpad.net/cinder/+bug/1823200

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/cinder/+bug/1823200

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10755

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10755

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10755
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10755

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openstack/cinder/commit/ba785eef5f515b869c0d68016e84bb74f76ab45e

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder/commit/ba785eef5f515b869c0d68016e84bb74f76ab45e

reference_url

https://github.com/openstack/os-brick/commit/4047948f1ac8055a025972ad73ec3ec421450775

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/os-brick/commit/4047948f1ac8055a025972ad73ec3ec421450775

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/cinder/PYSEC-2020-228.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/cinder/PYSEC-2020-228.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10755

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10755

reference_url

https://usn.ubuntu.com/4420-1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4420-1

reference_url	https://usn.ubuntu.com/4420-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4420-1/

reference_url

https://wiki.openstack.org/wiki/OSSN/OSSN-0086

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://wiki.openstack.org/wiki/OSSN/OSSN-0086

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1842748
reference_id	1842748
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1842748

reference_url

https://github.com/advisories/GHSA-v3m2-pg96-w33m

reference_id

GHSA-v3m2-pg96-w33m

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v3m2-pg96-w33m

reference_url	https://access.redhat.com/errata/RHSA-2020:4283
reference_id	RHSA-2020:4283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4283

reference_url	https://access.redhat.com/errata/RHSA-2020:4391
reference_id	RHSA-2020:4391
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4391

fixed_packages

url	pkg:deb/debian/cinder@2:16.1.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:16.1.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:16.1.0-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

aliases CVE-2020-10755, GHSA-v3m2-pg96-w33m, PYSEC-2020-228

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7uus-f9pq-qkb5

url VCID-br4q-499g-vqhg

vulnerability_id VCID-br4q-499g-vqhg

summary

OpenStack Cinder, glance, and Nova vulnerable to Path Traversal
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-47951

reference_id

reference_type

scores

value	0.00731
scoring_system	epss
scoring_elements	0.72724
published_at	2026-04-21T12:55:00Z

value	0.00731
scoring_system	epss
scoring_elements	0.72732
published_at	2026-04-18T12:55:00Z

value	0.00731
scoring_system	epss
scoring_elements	0.72721
published_at	2026-04-16T12:55:00Z

value	0.00731
scoring_system	epss
scoring_elements	0.72679
published_at	2026-04-13T12:55:00Z

value	0.00731
scoring_system	epss
scoring_elements	0.72689
published_at	2026-04-12T12:55:00Z

value	0.00731
scoring_system	epss
scoring_elements	0.72706
published_at	2026-04-11T12:55:00Z

value	0.00731
scoring_system	epss
scoring_elements	0.72682
published_at	2026-04-09T12:55:00Z

value	0.00731
scoring_system	epss
scoring_elements	0.72669
published_at	2026-04-08T12:55:00Z

value	0.00731
scoring_system	epss
scoring_elements	0.7263
published_at	2026-04-07T12:55:00Z

value	0.00731
scoring_system	epss
scoring_elements	0.72653
published_at	2026-04-04T12:55:00Z

value	0.00731
scoring_system	epss
scoring_elements	0.72635
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-47951

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://launchpad.net/bugs/1996188

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/

url

https://launchpad.net/bugs/1996188

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html

reference_url

https://security.openstack.org/ossa/OSSA-2023-002.html

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/

url

https://security.openstack.org/ossa/OSSA-2023-002.html

reference_url

https://www.debian.org/security/2023/dsa-5336

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/

url

https://www.debian.org/security/2023/dsa-5336

reference_url

https://www.debian.org/security/2023/dsa-5337

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/

url

https://www.debian.org/security/2023/dsa-5337

reference_url

https://www.debian.org/security/2023/dsa-5338

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/

url

https://www.debian.org/security/2023/dsa-5338

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561
reference_id	1029561
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562
reference_id	1029562
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563
reference_id	1029563
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2161812
reference_id	2161812
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2161812

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-47951

reference_id

CVE-2022-47951

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-47951

reference_url

https://github.com/advisories/GHSA-7h75-hwxx-qpgc

reference_id

GHSA-7h75-hwxx-qpgc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7h75-hwxx-qpgc

reference_url	https://access.redhat.com/errata/RHSA-2023:1015
reference_id	RHSA-2023:1015
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1015

reference_url	https://access.redhat.com/errata/RHSA-2023:1016
reference_id	RHSA-2023:1016
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1016

reference_url	https://access.redhat.com/errata/RHSA-2023:1017
reference_id	RHSA-2023:1017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1017

reference_url	https://access.redhat.com/errata/RHSA-2023:1278
reference_id	RHSA-2023:1278
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1278

reference_url	https://access.redhat.com/errata/RHSA-2023:1279
reference_id	RHSA-2023:1279
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1279

reference_url	https://access.redhat.com/errata/RHSA-2023:1280
reference_id	RHSA-2023:1280
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1280

reference_url	https://usn.ubuntu.com/5835-1/
reference_id	USN-5835-1
reference_type
scores
url	https://usn.ubuntu.com/5835-1/

reference_url	https://usn.ubuntu.com/5835-2/
reference_id	USN-5835-2
reference_type
scores
url	https://usn.ubuntu.com/5835-2/

reference_url	https://usn.ubuntu.com/5835-3/
reference_id	USN-5835-3
reference_type
scores
url	https://usn.ubuntu.com/5835-3/

reference_url	https://usn.ubuntu.com/5835-4/
reference_id	USN-5835-4
reference_type
scores
url	https://usn.ubuntu.com/5835-4/

reference_url	https://usn.ubuntu.com/5835-5/
reference_id	USN-5835-5
reference_type
scores
url	https://usn.ubuntu.com/5835-5/

reference_url	https://usn.ubuntu.com/6882-2/
reference_id	USN-6882-2
reference_type
scores
url	https://usn.ubuntu.com/6882-2/

fixed_packages

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.0.0-3?distro=trixie
purl	pkg:deb/debian/cinder@2:21.0.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.0.0-3%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

aliases CVE-2022-47951, GHSA-7h75-hwxx-qpgc

risk_score 3.5

exploitability 0.5

weighted_severity 6.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-br4q-499g-vqhg

url VCID-ea21-seng-n3fw

vulnerability_id VCID-ea21-seng-n3fw

summary

OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability
The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1787.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1787.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1788.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1788.html

reference_url

https://access.redhat.com/errata/RHSA-2014:1787

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1787

reference_url

https://access.redhat.com/errata/RHSA-2014:1788

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1788

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3641.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3641.json

reference_url

https://access.redhat.com/security/cve/CVE-2014-3641

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2014-3641

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3641

reference_id

reference_type

scores

value	0.00329
scoring_system	epss
scoring_elements	0.55902
published_at	2026-04-18T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55898
published_at	2026-04-16T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55877
published_at	2026-04-21T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56056
published_at	2026-04-12T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.5601
published_at	2026-04-07T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56061
published_at	2026-04-08T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56065
published_at	2026-04-09T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56076
published_at	2026-04-11T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.55899
published_at	2026-04-01T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56039
published_at	2026-04-13T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56011
published_at	2026-04-02T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56032
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3641

reference_url

https://bugs.launchpad.net/cinder/+bug/1350504

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/cinder/+bug/1350504

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1141996

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1141996

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3641

reference_url

http://seclists.org/oss-sec/2014/q4/78

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2014/q4/78

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3641

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3641

reference_url

https://opendev.org/openstack/cinder

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/cinder

reference_url

https://web.archive.org/web/20200228053848/http://www.securityfocus.com/bid/70221

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228053848/http://www.securityfocus.com/bid/70221

reference_url	http://www.securityfocus.com/bid/70221
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/70221

reference_url

http://www.ubuntu.com/usn/USN-2405-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2405-1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder::::::::
reference_id	cpe:2.3:a:openstack:cinder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder:2014.1.1:::::::*
reference_id	cpe:2.3:a:openstack:cinder:2014.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder:2014.1.1:::::::*

reference_url

https://github.com/advisories/GHSA-qhch-g8qr-p497

reference_id

GHSA-qhch-g8qr-p497

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qhch-g8qr-p497

reference_url	https://usn.ubuntu.com/2405-1/
reference_id	USN-2405-1
reference_type
scores
url	https://usn.ubuntu.com/2405-1/

fixed_packages

url	pkg:deb/debian/cinder@2014.1.3-1?distro=trixie
purl	pkg:deb/debian/cinder@2014.1.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2014.1.3-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

aliases CVE-2014-3641, GHSA-qhch-g8qr-p497

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ea21-seng-n3fw

url VCID-ggmm-svqw-bkhv

vulnerability_id VCID-ggmm-svqw-bkhv

summary

OpenStack Cinder file disclosure in image convert
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

references

reference_url

http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-1206.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-1206.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1851.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1851.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-1851

reference_id

reference_type

scores

value	0.00489
scoring_system	epss
scoring_elements	0.65557
published_at	2026-04-18T12:55:00Z

value	0.00489
scoring_system	epss
scoring_elements	0.65545
published_at	2026-04-16T12:55:00Z

value	0.00489
scoring_system	epss
scoring_elements	0.65509
published_at	2026-04-13T12:55:00Z

value	0.00489
scoring_system	epss
scoring_elements	0.65537
published_at	2026-04-12T12:55:00Z

value	0.00489
scoring_system	epss
scoring_elements	0.65476
published_at	2026-04-02T12:55:00Z

value	0.00489
scoring_system	epss
scoring_elements	0.65542
published_at	2026-04-21T12:55:00Z

value	0.00489
scoring_system	epss
scoring_elements	0.65503
published_at	2026-04-04T12:55:00Z

value	0.00489
scoring_system	epss
scoring_elements	0.65427
published_at	2026-04-01T12:55:00Z

value	0.00489
scoring_system	epss
scoring_elements	0.65551
published_at	2026-04-11T12:55:00Z

value	0.00489
scoring_system	epss
scoring_elements	0.65532
published_at	2026-04-09T12:55:00Z

value	0.00489
scoring_system	epss
scoring_elements	0.65521
published_at	2026-04-08T12:55:00Z

value	0.00489
scoring_system	epss
scoring_elements	0.65468
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1851

reference_url

https://bugs.launchpad.net/cinder/+bug/1415087

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/cinder/+bug/1415087

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1851
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1851

reference_url

https://github.com/openstack/cinder

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder

reference_url

https://github.com/openstack/cinder/commit/9634b76ba5886d6c2f2128d550cb005dabf48213

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder/commit/9634b76ba5886d6c2f2128d550cb005dabf48213

reference_url

https://github.com/openstack/cinder/commit/b1143ee45323e63b965a3710f9063e65b252c978

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder/commit/b1143ee45323e63b965a3710f9063e65b252c978

reference_url

https://github.com/openstack/cinder/commit/bc0549e08b010edb863d409d80114aa78d317a61

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder/commit/bc0549e08b010edb863d409d80114aa78d317a61

reference_url

https://github.com/openstack/cinder/commit/d31c937c566005dedf41a60c6b5bd5e7b26f221b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder/commit/d31c937c566005dedf41a60c6b5bd5e7b26f221b

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-1851

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-1851

reference_url

http://www.debian.org/security/2015/dsa-3292

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3292

reference_url

http://www.openwall.com/lists/oss-security/2015/06/13/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/06/13/1

reference_url

http://www.openwall.com/lists/oss-security/2015/06/17/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/06/17/2

reference_url

http://www.openwall.com/lists/oss-security/2015/06/17/7

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/06/17/7

reference_url

http://www.ubuntu.com/usn/USN-2703-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2703-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1231817
reference_id	1231817
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1231817

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788996
reference_id	788996
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788996

reference_url

https://github.com/advisories/GHSA-9hcj-h2qc-689p

reference_id

GHSA-9hcj-h2qc-689p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9hcj-h2qc-689p

reference_url	https://access.redhat.com/errata/RHSA-2015:1206
reference_id	RHSA-2015:1206
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1206

reference_url	https://usn.ubuntu.com/2703-1/
reference_id	USN-2703-1
reference_type
scores
url	https://usn.ubuntu.com/2703-1/

fixed_packages

url	pkg:deb/debian/cinder@2015.1.0%2B2015.06.16.git26.9634b76ba5-1?distro=trixie
purl	pkg:deb/debian/cinder@2015.1.0%2B2015.06.16.git26.9634b76ba5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2015.1.0%252B2015.06.16.git26.9634b76ba5-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

aliases CVE-2015-1851, GHSA-9hcj-h2qc-689p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggmm-svqw-bkhv

url VCID-h6rd-5p7q-s3gq

vulnerability_id VCID-h6rd-5p7q-s3gq

summary

OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-32498

reference_id

reference_type

scores

value	0.00171
scoring_system	epss
scoring_elements	0.38394
published_at	2026-04-18T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38366
published_at	2026-04-13T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38413
published_at	2026-04-16T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38465
published_at	2026-04-02T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38489
published_at	2026-04-04T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38353
published_at	2026-04-07T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38404
published_at	2026-04-08T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38412
published_at	2026-04-09T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38428
published_at	2026-04-11T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38391
published_at	2026-04-12T12:55:00Z

value	0.00214
scoring_system	epss
scoring_elements	0.43927
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-32498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498

reference_url

https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e

reference_url

https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40

reference_url

https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9

reference_url

https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175

reference_url

https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973

reference_url

https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f

reference_url

https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df

reference_url

https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927

reference_url

https://launchpad.net/bugs/2059809

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/

url

https://launchpad.net/bugs/2059809

reference_url

https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-32498

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-32498

reference_url

https://security.openstack.org/ossa/OSSA-2024-001.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/

url

https://security.openstack.org/ossa/OSSA-2024-001.html

reference_url

https://www.openwall.com/lists/oss-security/2024/07/02/2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/

url

https://www.openwall.com/lists/oss-security/2024/07/02/2

reference_url

http://www.openwall.com/lists/oss-security/2024/07/02/2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/

url

http://www.openwall.com/lists/oss-security/2024/07/02/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761
reference_id	1074761
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762
reference_id	1074762
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763
reference_id	1074763
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2278663
reference_id	2278663
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2278663

reference_url

https://github.com/advisories/GHSA-r4v4-w9pv-6fph

reference_id

GHSA-r4v4-w9pv-6fph

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r4v4-w9pv-6fph

reference_url	https://access.redhat.com/errata/RHSA-2024:4272
reference_id	RHSA-2024:4272
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4272

reference_url	https://access.redhat.com/errata/RHSA-2024:4273
reference_id	RHSA-2024:4273
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4273

reference_url	https://access.redhat.com/errata/RHSA-2024:4274
reference_id	RHSA-2024:4274
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4274

reference_url	https://access.redhat.com/errata/RHSA-2024:4425
reference_id	RHSA-2024:4425
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4425

reference_url	https://usn.ubuntu.com/6882-1/
reference_id	USN-6882-1
reference_type
scores
url	https://usn.ubuntu.com/6882-1/

reference_url	https://usn.ubuntu.com/6882-2/
reference_id	USN-6882-2
reference_type
scores
url	https://usn.ubuntu.com/6882-2/

reference_url	https://usn.ubuntu.com/6883-1/
reference_id	USN-6883-1
reference_type
scores
url	https://usn.ubuntu.com/6883-1/

reference_url	https://usn.ubuntu.com/6884-1/
reference_id	USN-6884-1
reference_type
scores
url	https://usn.ubuntu.com/6884-1/

fixed_packages

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:17.4.0-1~deb11u2?distro=trixie
purl	pkg:deb/debian/cinder@2:17.4.0-1~deb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.4.0-1~deb11u2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:24.0.0-5?distro=trixie
purl	pkg:deb/debian/cinder@2:24.0.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:24.0.0-5%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

aliases CVE-2024-32498, GHSA-r4v4-w9pv-6fph

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6rd-5p7q-s3gq

url VCID-hd9e-1msb-uqa6

vulnerability_id VCID-hd9e-1msb-uqa6

summary openstack-cinder: silently access other user's volumes

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2088.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2088.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-2088

reference_id

reference_type

scores

value	0.00129
scoring_system	epss
scoring_elements	0.32496
published_at	2026-04-02T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32352
published_at	2026-04-21T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32432
published_at	2026-04-11T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32395
published_at	2026-04-12T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32367
published_at	2026-04-13T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32404
published_at	2026-04-16T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32381
published_at	2026-04-18T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.3253
published_at	2026-04-04T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32353
published_at	2026-04-07T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32402
published_at	2026-04-08T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32429
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-2088

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2088

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035932
reference_id	1035932
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035932

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035961
reference_id	1035961
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035961

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035962
reference_id	1035962
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035962

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035963
reference_id	1035963
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035963

reference_url

https://bugs.launchpad.net/bugs/2004555

reference_id

2004555

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:40:54Z/

url

https://bugs.launchpad.net/bugs/2004555

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179587
reference_id	2179587
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179587

reference_url

https://security.openstack.org/ossa/OSSA-2023-003.html

reference_id

OSSA-2023-003.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:40:54Z/

url

https://security.openstack.org/ossa/OSSA-2023-003.html

reference_url	https://access.redhat.com/errata/RHSA-2023:3156
reference_id	RHSA-2023:3156
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3156

reference_url	https://access.redhat.com/errata/RHSA-2023:3157
reference_id	RHSA-2023:3157
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3157

reference_url	https://access.redhat.com/errata/RHSA-2023:3158
reference_id	RHSA-2023:3158
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3158

reference_url	https://access.redhat.com/errata/RHSA-2023:3161
reference_id	RHSA-2023:3161
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3161

reference_url	https://usn.ubuntu.com/6073-1/
reference_id	USN-6073-1
reference_type
scores
url	https://usn.ubuntu.com/6073-1/

reference_url	https://usn.ubuntu.com/6073-2/
reference_id	USN-6073-2
reference_type
scores
url	https://usn.ubuntu.com/6073-2/

reference_url	https://usn.ubuntu.com/6073-3/
reference_id	USN-6073-3
reference_type
scores
url	https://usn.ubuntu.com/6073-3/

reference_url	https://usn.ubuntu.com/6073-4/
reference_id	USN-6073-4
reference_type
scores
url	https://usn.ubuntu.com/6073-4/

reference_url	https://usn.ubuntu.com/6241-1/
reference_id	USN-6241-1
reference_type
scores
url	https://usn.ubuntu.com/6241-1/

fixed_packages

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:17.4.0-1~deb11u2?distro=trixie
purl	pkg:deb/debian/cinder@2:17.4.0-1~deb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.4.0-1~deb11u2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.1.0-3?distro=trixie
purl	pkg:deb/debian/cinder@2:21.1.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.1.0-3%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

aliases CVE-2023-2088

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hd9e-1msb-uqa6

url VCID-kgrz-64rh-cbdd

vulnerability_id VCID-kgrz-64rh-cbdd

summary

OpenStack Cinder Denial of Service using XML entities
The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.  NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

references

reference_url

http://github.com/openstack/cinder/commit/2023eecc4b1a35daf42a64fa01967ed12c7d017b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/cinder/commit/2023eecc4b1a35daf42a64fa01967ed12c7d017b

reference_url

http://github.com/openstack/cinder/commit/4ad95dba4fccbbc0df923dea0dc9e5c3ac9f4cc2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/cinder/commit/4ad95dba4fccbbc0df923dea0dc9e5c3ac9f4cc2

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1198.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1198.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4202.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4202.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4202

reference_id

reference_type

scores

value	0.00841
scoring_system	epss
scoring_elements	0.74757
published_at	2026-04-21T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74753
published_at	2026-04-11T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74732
published_at	2026-04-12T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74723
published_at	2026-04-13T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.7476
published_at	2026-04-16T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74767
published_at	2026-04-18T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74679
published_at	2026-04-01T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74682
published_at	2026-04-02T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74708
published_at	2026-04-04T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74683
published_at	2026-04-07T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74716
published_at	2026-04-08T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.7473
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4202

reference_url

https://bugs.launchpad.net/ossa/+bug/1190229

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/ossa/+bug/1190229

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4202

reference_url

https://github.com/openstack/cinder

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder

reference_url

http://www.ubuntu.com/usn/USN-2005-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2005-1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719118
reference_id	719118
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719118

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=991630
reference_id	991630
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=991630

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4202

reference_id

CVE-2013-4202

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4202

reference_url

https://github.com/advisories/GHSA-mfg4-9xf4-f45q

reference_id

GHSA-mfg4-9xf4-f45q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mfg4-9xf4-f45q

reference_url	https://access.redhat.com/errata/RHSA-2013:1198
reference_id	RHSA-2013:1198
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1198

reference_url	https://usn.ubuntu.com/2005-1/
reference_id	USN-2005-1
reference_type
scores
url	https://usn.ubuntu.com/2005-1/

fixed_packages

url	pkg:deb/debian/cinder@2013.1.2-4?distro=trixie
purl	pkg:deb/debian/cinder@2013.1.2-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2013.1.2-4%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

aliases CVE-2013-4202, GHSA-mfg4-9xf4-f45q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kgrz-64rh-cbdd

url VCID-kncr-vrmh-fygm

vulnerability_id VCID-kncr-vrmh-fygm

summary The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1068

reference_id

reference_type

scores

value	0.00222
scoring_system	epss
scoring_elements	0.44794
published_at	2026-04-21T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44729
published_at	2026-04-01T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44809
published_at	2026-04-02T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.4483
published_at	2026-04-04T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.4477
published_at	2026-04-07T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44823
published_at	2026-04-08T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44825
published_at	2026-04-09T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44842
published_at	2026-04-11T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44811
published_at	2026-04-12T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44813
published_at	2026-04-13T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44866
published_at	2026-04-16T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44859
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1068
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1068

reference_url	http://ubuntu.com/usn/usn-2248-1
reference_id
reference_type
scores
url	http://ubuntu.com/usn/usn-2248-1

reference_url	http://www.ubuntu.com/usn/USN-2247-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2247-1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753579
reference_id	753579
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753579

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753585
reference_id	753585
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753585

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1068

reference_id

CVE-2013-1068

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1068

reference_url	https://usn.ubuntu.com/2247-1/
reference_id	USN-2247-1
reference_type
scores
url	https://usn.ubuntu.com/2247-1/

reference_url	https://usn.ubuntu.com/2248-1/
reference_id	USN-2248-1
reference_type
scores
url	https://usn.ubuntu.com/2248-1/

fixed_packages

url	pkg:deb/debian/cinder@2014.1.1-3?distro=trixie
purl	pkg:deb/debian/cinder@2014.1.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2014.1.1-3%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

aliases CVE-2013-1068

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kncr-vrmh-fygm

url VCID-nyak-4rzf-9fhp

vulnerability_id VCID-nyak-4rzf-9fhp

summary openstack-cinder: Data retained after deletion of a ScaleIO volume

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15139.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15139.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15139

reference_id

reference_type

scores

value	0.00242
scoring_system	epss
scoring_elements	0.4743
published_at	2026-04-01T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47462
published_at	2026-04-02T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47483
published_at	2026-04-04T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47432
published_at	2026-04-07T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47487
published_at	2026-04-08T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47484
published_at	2026-04-09T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47506
published_at	2026-04-11T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47481
published_at	2026-04-12T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47488
published_at	2026-04-13T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47548
published_at	2026-04-16T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47541
published_at	2026-04-18T12:55:00Z

value	0.00242
scoring_system	epss
scoring_elements	0.47493
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15139

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1599899
reference_id	1599899
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1599899

reference_url	https://access.redhat.com/errata/RHSA-2018:3601
reference_id	RHSA-2018:3601
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3601

reference_url	https://access.redhat.com/errata/RHSA-2019:0917
reference_id	RHSA-2019:0917
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:0917

fixed_packages

url	pkg:deb/debian/cinder@2:13.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:13.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:13.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

aliases CVE-2017-15139

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nyak-4rzf-9fhp

url VCID-t88t-p8tx-cfcu

vulnerability_id VCID-t88t-p8tx-cfcu

summary

Multiple vulnerabilities have been found in libxml2, allowing
    remote attackers to execute arbitrary code or cause Denial of Service.

references

reference_url

http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html

reference_url

http://bugs.python.org/issue17239

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://bugs.python.org/issue17239

reference_url

http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0657.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0657.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0658.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0658.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0670.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0670.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1664

reference_id

reference_type

scores

value	0.03938
scoring_system	epss
scoring_elements	0.88332
published_at	2026-04-08T12:55:00Z

value	0.03938
scoring_system	epss
scoring_elements	0.88312
published_at	2026-04-07T12:55:00Z

value	0.03938
scoring_system	epss
scoring_elements	0.88285
published_at	2026-04-01T12:55:00Z

value	0.03938
scoring_system	epss
scoring_elements	0.88293
published_at	2026-04-02T12:55:00Z

value	0.03938
scoring_system	epss
scoring_elements	0.88308
published_at	2026-04-04T12:55:00Z

value	0.03938
scoring_system	epss
scoring_elements	0.88349
published_at	2026-04-18T12:55:00Z

value	0.03938
scoring_system	epss
scoring_elements	0.88353
published_at	2026-04-16T12:55:00Z

value	0.03938
scoring_system	epss
scoring_elements	0.8834
published_at	2026-04-13T12:55:00Z

value	0.03938
scoring_system	epss
scoring_elements	0.88348
published_at	2026-04-21T12:55:00Z

value	0.03938
scoring_system	epss
scoring_elements	0.88338
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1664

reference_url

https://bugs.launchpad.net/nova/+bug/1100282

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/nova/+bug/1100282

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40

reference_url

https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1664

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1664

reference_url

http://ubuntu.com/usn/usn-1757-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://ubuntu.com/usn/usn-1757-1

reference_url

http://www.openwall.com/lists/oss-security/2013/02/19/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/19/2

reference_url

http://www.openwall.com/lists/oss-security/2013/02/19/4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/19/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948
reference_id	700948
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949
reference_id	700949
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950
reference_id	700950
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=913808
reference_id	913808
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=913808

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder_folsom:-:::::::*
reference_id	cpe:2.3:a:openstack:cinder_folsom:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder_folsom:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\(nova\)_essex:-:::::::*
reference_id	cpe:2.3:a:openstack:compute_\(nova\)_essex:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\(nova\)_essex:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\(nova\)_folsom:-:::::::*
reference_id	cpe:2.3:a:openstack:compute_\(nova\)_folsom:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\(nova\)_folsom:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:::::::*
reference_id	cpe:2.3:a:openstack:folsom:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:::::::*
reference_id	cpe:2.3:a:openstack:grizzly:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone_essex:-:::::::*
reference_id	cpe:2.3:a:openstack:keystone_essex:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone_essex:-:::::::*

reference_url

https://github.com/advisories/GHSA-qrh7-x6fp-c2mp

reference_id

GHSA-qrh7-x6fp-c2mp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qrh7-x6fp-c2mp

reference_url	https://security.gentoo.org/glsa/201311-06
reference_id	GLSA-201311-06
reference_type
scores
url	https://security.gentoo.org/glsa/201311-06

reference_url	https://security.gentoo.org/glsa/201412-11
reference_id	GLSA-201412-11
reference_type
scores
url	https://security.gentoo.org/glsa/201412-11

reference_url	https://access.redhat.com/errata/RHSA-2013:0596
reference_id	RHSA-2013:0596
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0596

reference_url	https://access.redhat.com/errata/RHSA-2013:0657
reference_id	RHSA-2013:0657
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0657

reference_url	https://access.redhat.com/errata/RHSA-2013:0658
reference_id	RHSA-2013:0658
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0658

reference_url	https://access.redhat.com/errata/RHSA-2013:0670
reference_id	RHSA-2013:0670
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0670

reference_url	https://usn.ubuntu.com/1730-1/
reference_id	USN-1730-1
reference_type
scores
url	https://usn.ubuntu.com/1730-1/

reference_url	https://usn.ubuntu.com/1731-1/
reference_id	USN-1731-1
reference_type
scores
url	https://usn.ubuntu.com/1731-1/

reference_url	https://usn.ubuntu.com/1734-1/
reference_id	USN-1734-1
reference_type
scores
url	https://usn.ubuntu.com/1734-1/

reference_url	https://usn.ubuntu.com/1757-1/
reference_id	USN-1757-1
reference_type
scores
url	https://usn.ubuntu.com/1757-1/

fixed_packages

url	pkg:deb/debian/cinder@2012.2.3-1?distro=trixie
purl	pkg:deb/debian/cinder@2012.2.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2012.2.3-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

aliases CVE-2013-1664, GHSA-qrh7-x6fp-c2mp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t88t-p8tx-cfcu

url VCID-ykzj-fz7y-eug8

vulnerability_id VCID-ykzj-fz7y-eug8

summary Trove: potential leak of passwords into log files

references

reference_url	http://rhn.redhat.com/errata/RHSA-2014-1939.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2014-1939.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7230.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7230.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7230

reference_id

reference_type

scores

value	0.00123
scoring_system	epss
scoring_elements	0.31358
published_at	2026-04-21T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31368
published_at	2026-04-01T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31506
published_at	2026-04-02T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31547
published_at	2026-04-04T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31365
published_at	2026-04-07T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31419
published_at	2026-04-08T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31449
published_at	2026-04-09T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31452
published_at	2026-04-11T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31409
published_at	2026-04-12T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31373
published_at	2026-04-13T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31407
published_at	2026-04-16T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31387
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7230

reference_url	https://bugs.launchpad.net/oslo-incubator/+bug/1343604
reference_id
reference_type
scores
url	https://bugs.launchpad.net/oslo-incubator/+bug/1343604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7230

reference_url	http://seclists.org/oss-sec/2014/q3/853
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2014/q3/853

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/96725
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/96725

reference_url	http://www.securityfocus.com/bid/70185
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/70185

reference_url	http://www.ubuntu.com/usn/USN-2405-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2405-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1147722
reference_id	1147722
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1147722

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704
reference_id	765704
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765704

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714
reference_id	765714
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765714

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder::::::::
reference_id	cpe:2.3:a:openstack:cinder::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova::::::::
reference_id	cpe:2.3:a:openstack:nova::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove::::::::
reference_id	cpe:2.3:a:openstack:trove::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:trove::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:::::::*
reference_id	cpe:2.3:a:redhat:openstack:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7230

reference_id

CVE-2014-7230

reference_type

scores

value	2.1
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:N/C:P/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7230

reference_url	https://access.redhat.com/errata/RHSA-2014:1939
reference_id	RHSA-2014:1939
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1939

reference_url	https://usn.ubuntu.com/2405-1/
reference_id	USN-2405-1
reference_type
scores
url	https://usn.ubuntu.com/2405-1/

reference_url	https://usn.ubuntu.com/2407-1/
reference_id	USN-2407-1
reference_type
scores
url	https://usn.ubuntu.com/2407-1/

fixed_packages

url	pkg:deb/debian/cinder@2014.1.3-4?distro=trixie
purl	pkg:deb/debian/cinder@2014.1.3-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2014.1.3-4%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

aliases CVE-2014-7230

risk_score 0.9

exploitability 0.5

weighted_severity 1.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykzj-fz7y-eug8

url VCID-zy9m-d25c-5uga

vulnerability_id VCID-zy9m-d25c-5uga

summary

OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2923.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-2923.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2991.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-2991.html

reference_url

http://rhn.redhat.com/errata/RHSA-2017-0153.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2017-0153.html

reference_url

http://rhn.redhat.com/errata/RHSA-2017-0156.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2017-0156.html

reference_url

http://rhn.redhat.com/errata/RHSA-2017-0165.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2017-0165.html

reference_url

http://rhn.redhat.com/errata/RHSA-2017-0282.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2017-0282.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5162

reference_id

reference_type

scores

value	0.0359
scoring_system	epss
scoring_elements	0.87769
published_at	2026-04-21T12:55:00Z

value	0.0359
scoring_system	epss
scoring_elements	0.87701
published_at	2026-04-01T12:55:00Z

value	0.0359
scoring_system	epss
scoring_elements	0.87712
published_at	2026-04-02T12:55:00Z

value	0.0359
scoring_system	epss
scoring_elements	0.87723
published_at	2026-04-04T12:55:00Z

value	0.0359
scoring_system	epss
scoring_elements	0.87725
published_at	2026-04-07T12:55:00Z

value	0.0359
scoring_system	epss
scoring_elements	0.87746
published_at	2026-04-08T12:55:00Z

value	0.0359
scoring_system	epss
scoring_elements	0.87752
published_at	2026-04-09T12:55:00Z

value	0.0359
scoring_system	epss
scoring_elements	0.87763
published_at	2026-04-11T12:55:00Z

value	0.0359
scoring_system	epss
scoring_elements	0.87757
published_at	2026-04-12T12:55:00Z

value	0.0359
scoring_system	epss
scoring_elements	0.87756
published_at	2026-04-13T12:55:00Z

value	0.0359
scoring_system	epss
scoring_elements	0.8777
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5162

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1268303

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1268303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5

reference_url

https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f

reference_url

https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397

reference_url

https://launchpad.net/bugs/1449062

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/bugs/1449062

reference_url

http://www.openwall.com/lists/oss-security/2016/10/06/8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/10/06/8

reference_url

http://www.securityfocus.com/bid/76849

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/76849

reference_url

https://access.redhat.com/security/cve/CVE-2015-5162

reference_id

CVE-2015-5162

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2015-5162

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5162

reference_id

CVE-2015-5162

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5162

reference_url

https://github.com/advisories/GHSA-g2j5-7vgx-6xrx

reference_id

GHSA-g2j5-7vgx-6xrx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g2j5-7vgx-6xrx

reference_url	https://access.redhat.com/errata/RHSA-2016:2923
reference_id	RHSA-2016:2923
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2923

reference_url	https://access.redhat.com/errata/RHSA-2016:2991
reference_id	RHSA-2016:2991
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2991

reference_url	https://access.redhat.com/errata/RHSA-2017:0153
reference_id	RHSA-2017:0153
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0153

reference_url	https://access.redhat.com/errata/RHSA-2017:0156
reference_id	RHSA-2017:0156
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0156

reference_url	https://access.redhat.com/errata/RHSA-2017:0165
reference_id	RHSA-2017:0165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0165

reference_url	https://access.redhat.com/errata/RHSA-2017:0282
reference_id	RHSA-2017:0282
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0282

reference_url	https://usn.ubuntu.com/3449-1/
reference_id	USN-3449-1
reference_type
scores
url	https://usn.ubuntu.com/3449-1/

fixed_packages

url	pkg:deb/debian/cinder@2:8.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:8.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:8.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
purl	pkg:deb/debian/cinder@2:21.3.1-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
purl	pkg:deb/debian/cinder@2:26.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:26.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
purl	pkg:deb/debian/cinder@2:28.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

aliases CVE-2015-5162, GHSA-g2j5-7vgx-6xrx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zy9m-d25c-5uga

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:28.0.0-1%3Fdistro=trixie

Package Instance