CVE-2015-1851Sensitive Information Exposure in Cinder

CWE-200Sensitive Information Exposure10 documents8 sources
Severity
6.8MEDIUMNVD
EPSS
0.5%
top 34.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Openstack CinderOpenstack IcehouseCanonical Ubuntu Linux+2 more
Timeline
PublishedJun 25
Latest updateMay 17

Description

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 8.0 | Impact: 6.9

Affected Packages5 packages

PyPIopenstack/cinder< 7.0.0a0
Debianopenstack/cinder< 2015.1.0+2015.06.16.git26.9634b76ba5-1+3
NVDopenstack/icehouse2014.1.4
NVDopenstack/juno2014.2, 2014.2.2, 2014.2.3+2
NVDopenstack/kilo2015.1.0

Also affects: Ubuntu Linux 15.04

🔴Vulnerability Details

4
GHSA
OpenStack Cinder file disclosure in image convert2022-05-17
OSV
OpenStack Cinder file disclosure in image convert2022-05-17
OSV
CVE-2015-1851: OpenStack Cinder before 20142015-06-25
CVEList
CVE-2015-1851: OpenStack Cinder before 20142015-06-25

📋Vendor Advisories

3
Ubuntu
Cinder vulnerability2015-08-06
Red Hat
openstack-cinder: Host file disclosure through qcow2 backing file2015-06-12
Debian
CVE-2015-1851: cinder - OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), an...2015

💬Community

2
Bugzilla
CVE-2015-1851 openstack-cinder: Host file disclosure through qcow2 backing file2015-06-15
Bugzilla
CVE-2015-1851 openstack-cinder: Host file disclosure through qcow2 backing file [fedora-all]2015-06-15
CVE-2015-1851 — Sensitive Information Exposure | cvebase