Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-1195HistoryJan 21, 2015 - 6:59 p.m.
CVE-2015-1195
2015-01-2118:59:56
Debian Security Bug Tracker
security-tracker.debian.org
12
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.006
Percentile
78.7%
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | glance | < 2014.1.3-11 | glance_2014.1.3-11_all.deb |
| Debian | 11 | all | glance | < 2014.1.3-11 | glance_2014.1.3-11_all.deb |
| Debian | 999 | all | glance | < 2014.1.3-11 | glance_2014.1.3-11_all.deb |
| Debian | 13 | all | glance | < 2014.1.3-11 | glance_2014.1.3-11_all.deb |
Related
cvelist
cvelist
CVE-2015-1195
2015-01-21 18:00:00
CVE-2014-9493
2015-01-07 19:00:00
cve
cve
CVE-2015-1195
2015-01-21 18:59:56
CVE-2014-9493
2015-01-07 19:59:02
ubuntucve
ubuntucve
CVE-2014-9493
2015-01-07 00:00:00
CVE-2015-1195
2015-01-21 00:00:00
nvd
nvd
CVE-2015-1195
2015-01-21 18:59:56
CVE-2014-9493
2015-01-07 19:59:02
github
github
prion
prion
Design/Logic Flaw
2015-01-21 18:59:00
Design/Logic Flaw
2015-01-07 19:59:00
veracode
veracode
Arbitrary File Read
2019-01-15 09:04:41
redhat
redhat
(RHSA-2015:0246) Important: openstack-glance security update
2015-02-19 00:00:00
debiancve
debiancve
CVE-2014-9493
2015-01-07 19:59:02
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.006
Percentile
78.7%
Related for DEBIANCVE:CVE-2015-1195