CVE-2015-5163

Published: Aug 19, 2015Modified: May 6, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.

Affected (2)

Products: Openstack: Glance

Openstack

1 product

Glance

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Glance	Version 2015.1.0
Openstack Glance	Version 2015.1.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1639.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/76346

Source: secalert@redhat.com

https://bugs.launchpad.net/glance/+bug/1471912

Source: secalert@redhat.com

http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1639.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/76346

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/glance/+bug/1471912

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.