Veracode Vulnerability DatabaseVERACODE:11751Arbitrary File Read
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
openstack-glance is vulnerable to arbitrary file read. A flaw was found in the OpenStack Image Service (glance) import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected by this flaw.
References
lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html
rhn.redhat.com/errata/RHSA-2015-1639.html
www.securityfocus.com/bid/76346
access.redhat.com/errata/RHSA-2015:1639
access.redhat.com/security/cve/CVE-2015-5163
access.redhat.com/security/updates/classification/#important
bugs.launchpad.net/glance/+bug/1471912
bugzilla.redhat.com/show_bug.cgi?id=1252378
rhn.redhat.com/errata/RHSA-2015-1639.html
Related
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N