Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2015-1851

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

  • Published: Jun 25, 2015
  • Updated: Apr 13, 2023
  • CVE: CVE-2015-1851
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:L/Au:S/C:C/I:N/A:N

CWEs:

Software From Fixed in
canonical / ubuntu_linux 15.04 15.04.x
openstack / juno 2014.2.2 2014.2.2.x
openstack / kilo 2015.1.0 2015.1.0.x
openstack / icehouse - 2014.1.4.x
openstack / juno 2014.2.3 2014.2.3.x
openstack / juno 2014.2 2014.2.x