Path Traversal Vulnerability in OpenStack Image Registry by OpenStack
CVE-2015-1195

Currently unrated

Key Information:

Vendor

Openstack
Status
Image Registry And Delivery Service \(glance\)
Vendor
CVE Published:
21 January 2015

What is CVE-2015-1195?

The V2 API in OpenStack Image Registry and Delivery Service (Glance) is susceptible to a path traversal vulnerability that permits remote authenticated users to access or delete files on the server. This is achieved by manipulating the image location property with a full pathname in a filesystem URL. The issue arises from an incomplete resolution of a prior security concern, allowing the exploitation of critical file system operations. Users must ensure they are using patched versions to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.openstack.org/pipermail/openstack-announce/2...
mailing-listx_refsource_MLIST
https://bugs.launchpad.net/ossa/+bug/1408663
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2015/01/18/5
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.