← Back

CVE-2015-1851

nvd nist
Published: Jun 25, 2015Modified: May 6, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:L/Au:S/C:C/I:N/A:N
Exploitability: 8.0 / Impact: 6.9
Source: NVD

Description

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

Affected (6)

Canonical
1 product
Ubuntu Linux
Openstack
3 products
Icehouse
Juno
Kilo
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ubuntu Linux
Version 15.04
Configuration B
5 vulnerable
Vulnerable SoftwareAffected Versions
Icehouse
Up to 2014.1.4
Openstack
Juno
Version 2014.2.2
Juno
Version 2014.2.3
Juno
Version 2014.2
Kilo
Version 2015.1.0

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (16)

Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.