Skip to main content

Image Registry And Delivery Service Glance CVE-2015-5251

MEDIUM
Permissions, Privileges, and Access Controls (CWE-264)
2015-10-26 secalert@redhat.com
5.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:N/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Oct 26, 2015 - 17:59 cve.org
MEDIUM 5.5

DescriptionCVE.org

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

AnalysisAI

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-264. OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*. Affected products include: Openstack Image Registry And Delivery Service \(Glance\). Version information: before 2014.2.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-1881 MEDIUM POC
4.0 Feb 24

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which al

CVE-2014-9684 MEDIUM POC
4.0 Feb 24

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which al

CVE-2014-9623 MEDIUM POC
4.0 Jan 23

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storag

CVE-2015-5286 MEDIUM
6.8 Oct 26

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated

CVE-2015-1195 MEDIUM
6.5 Jan 21

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows

CVE-2014-0162 MEDIUM
6.0 Apr 27

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse befor

CVE-2012-5482 MEDIUM
5.5 Nov 11

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete

CVE-2012-4573 MEDIUM
5.5 Nov 11

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete

CVE-2014-9493 MEDIUM
5.5 Jan 07

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenti

CVE-2016-0757 MEDIUM
4.3 Apr 13

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations

CVE-2013-0212 MEDIUM
4.0 Feb 24

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single te

CVE-2014-5356 MEDIUM
4.0 Aug 25

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3,

Share

CVE-2015-5251 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy