The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 00:50
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image. |
02 Feb 2023, 16:16
Type | Values Removed | Values Added |
---|---|---|
Summary | A flaw was found in the OpenStack Image Service (glance) import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected by this flaw. | |
References |
|
Information
Published : 2015-08-19 15:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-5163
Mitre link : CVE-2015-5163
CVE.ORG link : CVE-2015-5163
JSON object : View
Products Affected
openstack
- glance
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor