5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
46.1%
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before
2015.1.2 (kilo) allow remote authenticated users to change the status of
their images and bypass access restrictions via the HTTP
x-image-meta-status header to images/*.
Author | Note |
---|---|
tyhicks | 12.04 likely needs the ACTIVE_IMMUTABLE check, as well. |