Path Traversal Vulnerability in OpenStack Image Registry by OpenStack
CVE-2015-1195

Currently unrated

Key Information:

Vendor: Openstack
Status: Image Registry And Delivery Service \(glance\)
Vendor: CVE Published:; 21 January 2015

Summary

The V2 API in OpenStack Image Registry and Delivery Service (Glance) is susceptible to a path traversal vulnerability that permits remote authenticated users to access or delete files on the server. This is achieved by manipulating the image location property with a full pathname in a filesystem URL. The issue arises from an incomplete resolution of a prior security concern, allowing the exploitation of critical file system operations. Users must ensure they are using patched versions to mitigate the risks associated with this vulnerability.

References

http://lists.openstack.org/pipermail/openstack-announce/2...

mailing-listx_refsource_MLIST

https://bugs.launchpad.net/ossa/+bug/1408663

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2015/01/18/5

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Jan 21, 2015
Vulnerability Reserved
Jan 18, 2015