OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2015-10-26 17:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-5251
Mitre link : CVE-2015-5251
CVE.ORG link : CVE-2015-5251
JSON object : View
Products Affected
openstack
- image_registry_and_delivery_service_\(glance\)
CWE
CWE-264
Permissions, Privileges, and Access Controls