CVE-2015-5251

Published: 26/10/2015 Updated: 13/02/2023
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Vulnerability Summary

OpenStack Image Service (Glance) prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

Vulnerable Product

openstack image registry and delivery service (glance)

openstack image registry and delivery service (glance) 2015.1.1

openstack image registry and delivery service (glance) 2015.1.0

Vendor Advisories

Debian Bug report logs - #799931: CVE-2015-5251: (OSSA 2015-019) Glance image status manipulation

Package: src:glance; Maintainer for src:glance is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Thomas Goirand <zigo@debian.org>; Date: Thu, 24 Sep 2015 12:57:02 UTC; Severity: important; Tags: fixed-ups ...
Several security issues were fixed in OpenStack Glance ...