CVE-2015-1195
OpenStack Image Registry and Delivery Service - Info Disclosure
Title source: llmDescription
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.
References (7)
Core 7
Core References
Vendor Advisory mailing-list
x_refsource_mlist
http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html
Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/ossa/+bug/1408663
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/18/5
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62169
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/15/2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/71976
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Scores
EPSS
0.0111
EPSS Percentile
78.3%
Details
CWE
CWE-22
Status
published
Products (2)
openstack/image_registry_and_delivery_service_\(glance\)
2014.1 - 2014.1.4
pypi/glance
0 - 11.0.0a0PyPI
Published
Jan 21, 2015
Tracked Since
Feb 18, 2026