3 matches found
Authorization Bypass
openstack-glance is vulnerable to authorization bypass. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to...
OpenStack Image Service Access Restriction Bypass Vulnerability
OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration NASA in collaboration with Rackspace, Inc. in the U.S. Image Service Glance is one of the projects that can store, query, and retrieve virtual machine Image Service Glance is one of the...
DEBIAN-CVE-2015-5251
OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...