Lucene search

K

[email protected]NVD:CVE-2015-1195

HistoryJan 21, 2015 - 6:59 p.m.

CVE-2015-1195

2015-01-2118:59:56

CWE-22

[email protected]

web.nvd.nist.gov

4

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.006

Percentile

78.7%

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.

Affected configurations

Nvd

Node

openstackimage_registry_and_delivery_service_\(glance\)Range2014.1–2014.1.4

OR

openstackimage_registry_and_delivery_service_\(glance\)Range2014.2–2014.2.2

References

lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html

secunia.com/advisories/62169

www.openwall.com/lists/oss-security/2015/01/15/2

www.openwall.com/lists/oss-security/2015/01/18/5

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.securityfocus.com/bid/71976

bugs.launchpad.net/ossa/+bug/1408663

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

0.006

Percentile

78.7%

Related for NVD:CVE-2015-1195

debiancve2 github1 cvelist2 cve2 ubuntucve2 prion2 nvd1 veracode1 redhat1