Lucene search

[email protected]CVE-2015-5163

HistoryAug 19, 2015 - 3:59 p.m.

CVE-2015-5163

2015-08-1915:59:00

CWE-200

[email protected]

web.nvd.nist.gov

openstack

image service

glance

cve-2015-5163

security vulnerability

nvd

6.1 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.5%

JSON

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.

CPENameOperatorVersion
openstack:glanceopenstack glanceeq2015.1.1
openstack:glanceopenstack glanceeq2015.1.0

CPE	Name	Operator	Version
openstack:glance	openstack glance	eq	2015.1.1
openstack:glance	openstack glance	eq	2015.1.0

References

lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html

rhn.redhat.com/errata/RHSA-2015-1639.html

www.securityfocus.com/bid/76346

bugs.launchpad.net/glance/+bug/1471912

6.1 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.5%

JSON

Related for CVE-2015-5163

prion1 redhat1 osv1 veracode1 debiancve1 ubuntucve1 github1 ibm2