OpenStack Image Service Vulnerability in Glance Affects Remote User Access
CVE-2015-5251

Currently unrated

Key Information:

Vendor: Openstack
Status: Image Registry And Delivery Service \(glance\)
Vendor: CVE Published:; 26 October 2015

Summary

The OpenStack Image Service (Glance) software has a vulnerability that permits remote authenticated users to alter the status of their images. This can lead to unauthorized access as these users can bypass predefined access restrictions through manipulation of the HTTP x-image-meta-status header. Such an exploit poses significant risks to data integrity and security, as it undermines the effectiveness of the service's access controls.

References

https://security.openstack.org/ossa/OSSA-2015-019.html

x_refsource_CONFIRM

https://bugs.launchpad.net/bugs/1482371

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2015-1897.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Oct 26, 2015
Vulnerability Reserved
Jul 1, 2015