Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-3446-1
HistoryOct 11, 2017 - 12:00 a.m.

OpenStack Glance vulnerabilities

2017-10-1100:00:00
ubuntu.com
35

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

68.3%

JSON

Releases

  • Ubuntu 14.04 ESM

Packages

  • glance - OpenStack Image Registry and Delivery Service

Details

Hemanth Makkapati discovered that OpenStack Glance incorrectly handled
access restrictions. A remote authenticated user could use this issue to
change the status of images, contrary to access restrictions.
(CVE-2015-5251)

Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly
handled the storage quota. A remote authenticated user could use this issue
to consume disk resources, leading to a denial of service. (CVE-2015-5286)

Erno Kuvaja discovered that OpenStack Glance incorrectly handled the
show_multiple_locations option. When show_multiple_locations is enabled,
a remote authenticated user could change an image status and upload new
image data. (CVE-2016-0757)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchglance-common< 1:2014.1.5-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchglance< 1:2014.1.5-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchglance-api< 1:2014.1.5-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchglance-registry< 1:2014.1.5-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchpython-glance< 1:2014.1.5-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchpython-glance-doc< 1:2014.1.5-0ubuntu1.1UNKNOWN

Related

openvas 1
nessus 1
redhat 5
veracode 3
ubuntucve 3
osv 4
debiancve 3
prion 3
github 3
cve 3
ibm 2
openvas
openvas
Ubuntu: Security Advisory (USN-3446-1)
2017-10-12 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : OpenStack Glance vulnerabilities (USN-3446-1)
2017-10-12 00:00:00
redhat
redhat
(RHSA-2015:1897) Moderate: openstack-glance security update
2015-10-15 12:09:50
(RHSA-2016:0352) Low: openstack-glance security update
2016-03-03 19:25:18
(RHSA-2016:0354) Low: openstack-glance security update
2016-03-03 19:25:27
veracode
veracode
Denial Of Service
2019-05-02 05:18:59
Authorization Bypass
2019-01-15 09:07:54
Authorization Bypass
2019-01-15 09:10:16
ubuntucve
ubuntucve
CVE-2015-5251
2015-09-22 00:00:00
CVE-2016-0757
2016-04-13 00:00:00
CVE-2015-5286
2015-10-26 00:00:00
osv
osv
OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions
2022-05-17 04:04:02
OpenStack Image Service (Glance) vulnerable to Improper Access Control
2022-05-17 03:43:30
OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
2022-05-17 03:44:52
debiancve
debiancve
CVE-2015-5251
2015-10-26 17:59:00
CVE-2016-0757
2016-04-13 17:59:00
CVE-2015-5286
2015-10-26 17:59:00
prion
prion
Design/Logic Flaw
2015-10-26 17:59:00
Design/Logic Flaw
2016-04-13 17:59:00
Design/Logic Flaw
2015-10-26 17:59:00
github
github
OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions
2022-05-17 04:04:02
OpenStack Image Service (Glance) vulnerable to Improper Access Control
2022-05-17 03:43:30
OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
2022-05-17 03:44:52
cve
cve
CVE-2015-5251
2015-10-26 17:59:00
CVE-2016-0757
2016-04-13 17:59:00
CVE-2015-5286
2015-10-26 17:59:00
ibm
ibm
Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-7713, CVE-2015-5286)
2018-08-08 04:13:55
Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry (CVE-2015-7713, CVE-2015-5286)
2020-07-19 00:49:12

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.003 Low

EPSS

Percentile

68.3%

JSON
Related for USN-3446-1
openvas1nessus1redhat5veracode3ubuntucve3osv4debiancve3prion3github3cve3ibm2