Описание
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-5163
- https://github.com/openstack/glance/commit/eb99e45829a1b4c93db5692bdbf636a86faa56c4
- https://access.redhat.com/errata/RHSA-2015:1639
- https://access.redhat.com/security/cve/CVE-2015-5163
- https://bugs.launchpad.net/glance/+bug/1471912
- https://bugzilla.redhat.com/show_bug.cgi?id=1252378
- https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2015-39.yaml
- https://web.archive.org/web/20200228024903/http://www.securityfocus.com/bid/76346
- http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html
- http://rhn.redhat.com/errata/RHSA-2015-1639.html
Пакеты
glance
>= 2015.1.0, < 2015.1.2
2015.1.2
Связанные уязвимости
The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.
The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.
The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.
The import task action in OpenStack Image Service (Glance) 2015.1.x be ...