File Exposure Vulnerability in OpenStack Image Service by OpenStack
CVE-2015-5163

Currently unrated

Key Information:

Vendor
Openstack
Status
Glance
Vendor
CVE Published:
19 August 2015

Summary

The OpenStack Image Service (Glance) version 2015.1.x prior to 2015.1.2 contains a vulnerability that permits remote authenticated users to access potentially sensitive files. This issue arises during the import task action when utilizing the V2 API, allowing attackers to exploit a specially crafted qcow2 backing file to read arbitrary files on the server. As a result, this vulnerability poses a risk of unauthorized information disclosure which could be leveraged for further attacks.

References

http://rhn.redhat.com/errata/RHSA-2015-1639.html
vendor-advisoryx_refsource_REDHAT
http://lists.openstack.org/pipermail/openstack-announce/2...
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/76346
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.