File Exposure Vulnerability in OpenStack Image Service by OpenStack
CVE-2015-5163

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
19 August 2015

Summary

The OpenStack Image Service (Glance) version 2015.1.x prior to 2015.1.2 contains a vulnerability that permits remote authenticated users to access potentially sensitive files. This issue arises during the import task action when utilizing the V2 API, allowing attackers to exploit a specially crafted qcow2 backing file to read arbitrary files on the server. As a result, this vulnerability poses a risk of unauthorized information disclosure which could be leveraged for further attacks.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.