CVE-2015-8234

CWE-310 CWE-328 CWE-327 — Broken Cryptographic Algorithm8 documents7 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 67.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Glance

Timeline

PublishedMar 29

Latest updateMay 17

Description

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDopenstack/glance11.0.0

▶PyPIglance11.0.0

Patches

Patch: bugs.launchpad.net ↗Patch: bugs.launchpad.net ↗

🔴Vulnerability Details

OSV

OpenStack Glance Signature Verification Bypass↗2022-05-17

▶

GHSA

OpenStack Glance Signature Verification Bypass↗2022-05-17

▶

OSV

CVE-2015-8234: The image signature algorithm in OpenStack Glance 11↗2017-03-29

▶

CVEList

CVE-2015-8234: The image signature algorithm in OpenStack Glance 11↗2017-03-29

▶

📋Vendor Advisories

Red Hat

openstack-glance: MD5 used for cryptographic signature verification↗2015-11-18

▶

Debian

CVE-2015-8234: glance - The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers...↗2015

▶

💬Community

Bugzilla

CVE-2015-8234 openstack-glance: MD5 used for cryptographic signature verification↗2016-02-01

▶