3 matches found
CVE-2013-1840
CVE-2013-1840 affects the OpenStack Glance v1 API (Essex, Folsom, Grizzly) when using the single-tenant Swift or S3 store. The vulnerability arises because the location header can leak the operator’s backend credentials to remote authenticated users who request a cached image. Impact is informati...
CVE-2015-5163
OpenStack Glance is affected by CVE-2015-5163 in the 2015.1.x line prior to 2015.1.2 (kilo). The V2 API allows remote authenticated users to read arbitrary files via a crafted qcow2 backing file during image import. The issue arises from how a backing file is processed and file content is read, e...
CVE-2013-4428
CVE-2013-4428 affects the OpenStack Image Registry and Delivery Service (Glance) in the Folsom/Grizzly line before 2013.1.4 and Havana before 2013.2. The issue is a flaw in the download_image policy enforcement for cached system images: after an image is cached by an authorized download, any auth...