CVE-2015-5251 – glance
Package
Manager: pip
Name: glance
Vulnerable Version: >=0 <2014.2.4 || >=2015.1.0 <2015.1.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00171 (percentile 0.38933)
Details
OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions.
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
Metadata
Created: 2022-05-17T04:04:02Z
Modified: 2023-02-08T17:59:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q748-mcwg-xmqv/GHSA-q748-mcwg-xmqv.json
CWE IDs: []
Alternative ID: GHSA-q748-mcwg-xmqv
Finding: F039
Auto approve: 1