File Exposure Vulnerability in OpenStack Image Service by OpenStack
CVE-2015-5163

Currently unrated

Key Information:

Vendor

Openstack
Status
Glance
Vendor
CVE Published:
19 August 2015

What is CVE-2015-5163?

The OpenStack Image Service (Glance) version 2015.1.x prior to 2015.1.2 contains a vulnerability that permits remote authenticated users to access potentially sensitive files. This issue arises during the import task action when utilizing the V2 API, allowing attackers to exploit a specially crafted qcow2 backing file to read arbitrary files on the server. As a result, this vulnerability poses a risk of unauthorized information disclosure which could be leveraged for further attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://rhn.redhat.com/errata/RHSA-2015-1639.html
vendor-advisoryx_refsource_REDHAT
http://lists.openstack.org/pipermail/openstack-announce/2...
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/76346
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.