File Exposure Vulnerability in OpenStack Image Service by OpenStack
CVE-2015-5163
Currently unrated
Summary
The OpenStack Image Service (Glance) version 2015.1.x prior to 2015.1.2 contains a vulnerability that permits remote authenticated users to access potentially sensitive files. This issue arises during the import task action when utilizing the V2 API, allowing attackers to exploit a specially crafted qcow2 backing file to read arbitrary files on the server. As a result, this vulnerability poses a risk of unauthorized information disclosure which could be leveraged for further attacks.
References
Timeline
Vulnerability published
Vulnerability Reserved