CVE-2015-5251

EPSS 0.17%

OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions

發布日:2022/5/17修改日:2026/4/28

描述

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

受影響套件(2)

Debian/glancefrom 0, < 1:11.0.0-1
PyPI/glance>= 2011.2, < 2014.2.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

參考連結(9)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-5251
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-5251
PATCHhttps://opendev.org/openstack/glance
WEBhttps://access.redhat.com/errata/RHSA-2015:1897
WEBhttps://access.redhat.com/security/cve/CVE-2015-5251
WEBhttps://bugs.launchpad.net/bugs/1482371
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1263511
WEBhttps://rhn.redhat.com/errata/RHSA-2015-1897.html
WEBhttps://security.openstack.org/ossa/OSSA-2015-019.html