CVE-2015-5163
published 2015-08-19CVE-2015-5163: The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read…
low3.5CVSS 3.1
AVNACMAuSCPINAN
The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glance | < glance 2015.1.0-4 (bookworm) | glance 2015.1.0-4 (bookworm) |
| glance_project | glance | >= 0 < 2015.1.0-4 | 2015.1.0-4 |
| glance_project | glance | >= 0 < 2015.1.0-4 | 2015.1.0-4 |
| glance_project | glance | >= 0 < 2015.1.0-4 | 2015.1.0-4 |
| glance_project | glance | >= 0 < 2015.1.0-4 | 2015.1.0-4 |
| glance_project | glance | >= 2015.1.0 < 2015.1.2 | 2015.1.2 |
| openstack | glance | — | — |
| openstack | glance | — | — |
CVSS provenance
nvd3.5LOWAV:N/AC:M/Au:S/C:P/I:N/A:N
osv3.5LOW