CVE-2015-1851 – cinder

Package

Manager: pip
Name: cinder
Vulnerable Version: >=0 <7.0.0a0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00489 pctl0.64529

Details

OpenStack Cinder file disclosure in image convert OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

Metadata

Created: 2022-05-17T03:15:10Z
Modified: 2024-05-14T21:25:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9hcj-h2qc-689p/GHSA-9hcj-h2qc-689p.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-9hcj-h2qc-689p
Finding: F038
Auto approve: 1