PyPI: Glance

CVE-2015-5163

Safety vulnerability ID: 35630

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 19, 2015 Updated at Dec 05, 2024

Advisory

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.

Affected package

glance

Latest version: 29.0.0

OpenStack Image Service

Vulnerability changelog

MLIST: [openstack-announce] 20150813 [OSSA 2015-014] Glance v2 API host file disclosure through qcow2 backing file (CVE-2015-5163): http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html
CONFIRM: https://bugs.launchpad.net/glance/+bug/1471912
REDHAT: RHSA-2015:1639: http://rhn.redhat.com/errata/RHSA-2015-1639.html
BID: 76346: http://www.securityfocus.com/bid/76346

Severity Details

CVSS Base Score

LOW 3.5

CVSS v2 Details

LOW 3.5
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): SINGLE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): NONE
Availability Impact (A): NONE