CVE-2015-5251: Incorrect Authorization in Project Glance

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.2% (top 61.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 26; latest update May 17

Description

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

CVSS vector

AV:N/AC:L/C:N/I:P/A:P
Exploitability: 8.0 | Impact: 4.9

Affected Packages (4 packages)

PyPI: glance_project/glance 2011.2 2014.2.4+1
Debian: glance_project/glance < 1:11.0.0-1+3
Ubuntu: glance_project/glance < 1:2014.1.5-0ubuntu1.1

🔴 Vulnerability Details (5)

GHSA: OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions (2022-05-17)
OSV: OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions (2022-05-17)
OSV: glance vulnerabilities (2017-10-11)
CVEList: CVE-2015-5251: OpenStack Image Service (Glance) before 2014 (2015-10-26)
OSV: CVE-2015-5251: OpenStack Image Service (Glance) before 2014 (2015-10-26)

📋 Vendor Advisories (3)

Ubuntu: OpenStack Glance vulnerabilities (2017-10-11)
Red Hat: openstack-glance allows illegal modification of image status (2015-09-22)
Debian: CVE-2015-5251: glance - OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015... (2015)

💬 Community (2)

Bugzilla: CVE-2015-5251 openstack-glance: openstack-glance allows illegal modification of image status [fedora-all] (2015-10-12)
Bugzilla: CVE-2015-5251 openstack-glance allows illegal modification of image status (2015-09-16)