Image Signature Bypass Vulnerability in OpenStack Glance
CVE-2015-8234

5.5MEDIUM

Key Information:

Vendor
Openstack
Status
Glance
Vendor
CVE Published:
29 March 2017

Summary

The image signature algorithm in OpenStack Glance version 11.0.0 is susceptible to an exploit that allows remote attackers to bypass the signature verification process. This vulnerability is triggered by a crafted image that can cause MD5 collision, potentially leading to unauthorized access or other malicious actions. The flaw highlights critical concerns for users relying on image integrity for secure cloud operations.

References

http://seclists.org/oss-sec/2015/q4/303
mailing-listx_refsource_MLIST
https://wiki.openstack.org/wiki/OSSN/OSSN-0061
x_refsource_CONFIRM
https://bugs.launchpad.net/glance/+bug/1516031
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.