CVE-2015-5163

Severity
3.5 LOW
EPSS
0.2%
top 53.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 19
Latest update: May 17

Description

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 6.8 | Impact: 2.9

Affected Packages (3 packages)

NVD | openstack/glance | 2015.1.0, 2015.1.1 +1
PyPI | glance | 2015.1.0 | 2015.1.2
Debian | glance | < 2015.1.0-4 +3

🔴 Vulnerability Details (4)

OSV | OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file | 2022-05-17
GHSA | OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file | 2022-05-17
CVEList | CVE-2015-5163: The import task action in OpenStack Image Service (Glance) 2015 | 2015-08-19
OSV | CVE-2015-5163: The import task action in OpenStack Image Service (Glance) 2015 | 2015-08-19

📋 Vendor Advisories (2)

Red Hat | openstack-glance: Glance v2 API host file disclosure through qcow2 backing file | 2015-08-13
Debian | CVE-2015-5163: glance - The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.... | 2015

💬 Community (1)

Bugzilla | CVE-2015-5163 openstack-glance: Glance v2 API host file disclosure through qcow2 backing file | 2015-08-11