OpenStack Image Service (Glance) prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openstack image registry and delivery service \\(glance\\) |
||
openstack image registry and delivery service \\(glance\\) 2015.1.1 |
||
openstack image registry and delivery service \\(glance\\) 2015.1.0 |