Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in OpenStack Compute may result in information disclosure.