GitHub Advisory DatabaseGHSA-Q73F-VJC2-3GQFOpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
53.5%
The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.
References
lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html
rhn.redhat.com/errata/RHSA-2015-1639.html
access.redhat.com/errata/RHSA-2015:1639
access.redhat.com/security/cve/CVE-2015-5163
bugs.launchpad.net/glance/+bug/1471912
bugzilla.redhat.com/show_bug.cgi?id=1252378
github.com/advisories/GHSA-q73f-vjc2-3gqf
github.com/openstack/glance/commit/eb99e45829a1b4c93db5692bdbf636a86faa56c4
nvd.nist.gov/vuln/detail/CVE-2015-5163
web.archive.org/web/20200228024903/www.securityfocus.com/bid/76346
Related
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
53.5%