CVE-2015-5163
OpenStack Glance 2015.1.x < 2015.1.2 - Authenticated Arbitrary File Read via QCOW2 Backing File
The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.
References (4)
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-1639.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/76346
Various Sources (mailing-list, x_refsource_mlist): http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html
Issue Tracking (x_refsource_confirm): https://bugs.launchpad.net/glance/+bug/1471912
Scores
EPSS: 0.0028
EPSS Percentile: 51.2%
Details
CWE: CWE-200
Status: published
Products (3)
openstack/glance: 2015.1.0
openstack/glance: 2015.1.1
pypi/glance: 2015.1.0 - 2015.1.2 (PyPI)
Published: Aug 19, 2015
Tracked Since: Feb 18, 2026