Description
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://security.openstack.org/ossa/OSSA-2015-019.html
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/bugs/1482371
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1897.html
Scores
EPSS
0.0017
EPSS Percentile
38.0%
Details
CWE
CWE-264
Status
published
Products (4)
openstack/image_registry_and_delivery_service_\(glance\)
2015.1.0
openstack/image_registry_and_delivery_service_\(glance\)
2015.1.1
openstack/image_registry_and_delivery_service_\(glance\)
< 2014.2.3
pypi/glance
2011.2 - 2014.2.4PyPI
Published
Oct 26, 2015
Tracked Since
Feb 18, 2026