CVE-2015-0271 — Sensitive Information Exposure in Redhat Openstack

CWE-200 — Sensitive Information Exposure CWE-73 — External Control of File Name or Path CWE-552 — Files or Directories Accessible to External Parties6 documents6 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 57.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openstack

Timeline

PublishedMar 10

Latest updateMay 17

Description

The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/openstack5.0, 6.0+1

🔴Vulnerability Details

GHSA

GHSA-qr8c-4v4w-95m2: The log-viewing function in the Red Hat redhat-access-plugin before 6↗2022-05-17

▶

CVEList

CVE-2015-0271: The log-viewing function in the Red Hat redhat-access-plugin before 6↗2015-03-10

▶

📋Vendor Advisories

Red Hat

dashboard: log file arbitrary file retrieval↗2015-03-05

▶

Debian

CVE-2015-0271: horizon - The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for Op...↗2015

▶

💬Community

Bugzilla

CVE-2015-0271 OpenStack dashboard: log file arbitrary file retrieval↗2015-02-17

▶