Lucene search
HistoryOct 26, 2015 - 5:59 p.m.
CVE-2015-5251
openstack
image service
glance
cve-2015-5251
security vulnerability
access control
remote authentication
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
4.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.8%
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
Affected configurations
Node
openstackimage_registry_and_delivery_service_\(glance\)Range≤2014.2.3
ORopenstackimage_registry_and_delivery_service_\(glance\)Match2015.1.0
ORopenstackimage_registry_and_delivery_service_\(glance\)Match2015.1.1
Related
osv
osv
cvelist
cvelist
CVE-2015-5251
2015-10-26 17:00:00
ubuntucve
ubuntucve
CVE-2015-5251
2015-09-22 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 09:07:54
Denial Of Service
2019-05-02 05:18:59
prion
prion
Design/Logic Flaw
2015-10-26 17:59:00
github
github
debiancve
debiancve
CVE-2015-5251
2015-10-26 17:59:06
nvd
nvd
CVE-2015-5251
2015-10-26 17:59:06
redhat
redhat
(RHSA-2015:1897) Moderate: openstack-glance security update
2015-10-15 12:09:50
ubuntu
ubuntu
OpenStack Glance vulnerabilities
2017-10-11 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3446-1)
2017-10-12 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : OpenStack Glance vulnerabilities (USN-3446-1)
2017-10-12 00:00:00
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
4.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.8%
Related for CVE-2015-5251