CVE-2015-5163

Openstack Glance < 2015.1.2 - Information Disclosure

Title source: rule

Description

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.

References (4)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2015-1639.html

[Various Sources] http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html

[Issue Tracking] https://bugs.launchpad.net/glance/+bug/1471912

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/76346

Scores

EPSS 0.0024

EPSS Percentile 46.5%

Classification

CWE

CWE-200

Status draft

Affected Products (3)

openstack/glance

pypi/glance < 2015.1.2PyPI

Timeline

Published Aug 19, 2015

Tracked Since Feb 18, 2026