CVE-2015-5251

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

Published: Oct 26, 2015
Updated: May 9, 2024
CVE: CVE-2015-5251
GHSA: GHSA-q748-mcwg-xmqv
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:N/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
openstack / image_registry_and_delivery_service_(glance)	-	2014.2.3.x
openstack / image_registry_and_delivery_service_(glance)	2015.1.1	2015.1.1.x
openstack / image_registry_and_delivery_service_(glance)	2015.1.0	2015.1.0.x
glance	-	2014.2.4
glance	2015.1.0	2015.1.2

http://rhn.redhat.com/errata/RHSA-2015-1897.html
https://access.redhat.com/errata/RHSA-2015:1897
https://access.redhat.com/security/cve/CVE-2015-5251
https://bugs.launchpad.net/bugs/1482371
https://bugzilla.redhat.com/show_bug.cgi?id=1263511
https://rhn.redhat.com/errata/RHSA-2015-1897.html
https://security.openstack.org/ossa/OSSA-2015-019.html

Vulnerability Database

289,599

CVE-2015-5251