[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-1851Date: (C)2015-07-02   (M)2023-12-22


OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.0
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
  
Reference:
DSA-3292
RHSA-2015:1206
USN-2703-1
http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html
http://www.openwall.com/lists/oss-security/2015/06/13/1
http://www.openwall.com/lists/oss-security/2015/06/17/7
https://bugs.launchpad.net/cinder/+bug/1415087

CPE    5
cpe:/a:openstack:kilo:2015.1.0
cpe:/o:canonical:ubuntu_linux:15.04
cpe:/a:openstack:juno:2014.2
cpe:/a:openstack:juno:2014.2.2
...
CWE    1
CWE-200
OVAL    3
oval:org.secpod.oval:def:602148
oval:org.secpod.oval:def:109345
oval:org.secpod.oval:def:702700

© SecPod Technologies