OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:32
Type | Values Removed | Values Added |
---|---|---|
References | () http://rhn.redhat.com/errata/RHSA-2015-1897.html - | |
References | () https://bugs.launchpad.net/bugs/1482371 - | |
References | () https://security.openstack.org/ossa/OSSA-2015-019.html - Vendor Advisory |
Information
Published : 2015-10-26 17:59
Updated : 2024-11-21 02:32
NVD link : CVE-2015-5251
Mitre link : CVE-2015-5251
CVE.ORG link : CVE-2015-5251
JSON object : View
Products Affected
openstack
- image_registry_and_delivery_service_\(glance\)
CWE
CWE-264
Permissions, Privileges, and Access Controls