Metric | Value |
---|---|
CVSS2 score | 3.5 Low |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:M/Au:S/C:P/I:N/A:N |
EPSS | 0.002 Low |
EPSS Percentile | 52.5% |

OpenStack Image Service (glance) provides discovery, registration, and
delivery services for disk and server images. It provides the ability to
copy or snapshot a server image and immediately store it away. Stored
images can be used as a template to get new servers up and running quickly
and more consistently than installing a server operating system and
individually configuring additional services.

A flaw was found in the OpenStack Image Service (glance) import task
action. When processing a malicious qcow2 header, glance could be
tricked into reading an arbitrary file from the glance host. Only
setups using the glance V2 API are affected by this flaw. (CVE-2015-5163)

Red Hat thanks the OpenStack team for reporting this issue. Upstream
acknowledges Eric Harney of Red Hat as the original reporter.

All openstack-glance users are advised to upgrade to these updated
packages, which address this vulnerability.
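
As an added example (not part of the advisory and not glance's own code): a pre-conversion check that reads only the fixed start of a qcow2 header and refuses images that reference a backing file, the header field through which a qcow2 image names another file to open. The advisory says only "a malicious qcow2 header" and does not name the field; the function names and sample bytes below are constructed for illustration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# Big-endian start of every qcow2 header (versions 2 and 3):
# magic, version, backing_file_offset (u64), backing_file_size (u32).
PREFIX = struct.Struct(">4sIQI")
MAX_BACKING_NAME = 1023  # upper bound given in the qcow2 specification


def check_qcow2_header(data: bytes) -> dict:
    """Inspect the first bytes of an uploaded image; never opens other files."""
    result = {"is_qcow2": False, "backing_file": None,
              "reject": False, "reason": "not qcow2"}
    if data[:4] != QCOW2_MAGIC:
        return result
    result["is_qcow2"] = True
    if len(data) < PREFIX.size:
        return {**result, "reject": True, "reason": "truncated header"}
    _, version, bf_offset, bf_size = PREFIX.unpack_from(data)
    if version not in (2, 3):
        return {**result, "reject": True, "reason": "unknown qcow2 version"}
    if bf_offset == 0:
        return {**result, "reason": "no backing file"}
    # Any backing-file reference is refused (fail closed); the name is only
    # decoded for the log entry, and only when it lies inside the buffer.
    name = None
    if bf_size <= MAX_BACKING_NAME and bf_offset + bf_size <= len(data):
        name = data[bf_offset:bf_offset + bf_size].decode("utf-8", "replace")
    return {**result, "backing_file": name, "reject": True,
            "reason": "header references a backing file"}


def make_sample(backing: bytes = b"") -> bytes:
    """Constructed test input: a minimal version-3 header, zero padded."""
    offset = 104 if backing else 0  # 104 = length of the v3 fixed header
    head = PREFIX.pack(QCOW2_MAGIC, 3, offset, len(backing))
    return head.ljust(104, b"\0") + backing


if __name__ == "__main__":
    for label, blob in [("plain", make_sample()),
                        ("with backing", make_sample(b"base-image.qcow2")),
                        ("raw", b"\0" * 512)]:
        print(label, check_qcow2_header(blob))
```

A check like this complements the package update above and does not replace it.
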
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | openstack-glance | < 2015.1.0-6.el7ost.1 | openstack-glance-2015.1.0-6.el7ost.1.noarch.rpm |
RedHat | 7 | noarch | openstack-glance-doc | < 2015.1.0-6.el7ost.1 | openstack-glance-doc-2015.1.0-6.el7ost.1.noarch.rpm |
RedHat | 7 | src | openstack-glance | < 2015.1.0-6.el7ost.1 | openstack-glance-2015.1.0-6.el7ost.1.src.rpm |
RedHat | 7 | noarch | python-glance | < 2015.1.0-6.el7ost.1 | python-glance-2015.1.0-6.el7ost.1.noarch.rpm |