CVE-2015-5163 – glance
Package
Manager: pip
Name: glance
Vulnerable Version: >=2015.1.0 <2015.1.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00237 (percentile: 0.46769)
Details
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary files.

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.
Metadata
Created: 2022-05-17T03:44:51Z
Modified: 2024-11-26T18:27:54Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q73f-vjc2-3gqf/GHSA-q73f-vjc2-3gqf.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-q73f-vjc2-3gqf
Finding: F310
Auto approve: 1