PYSEC-2015-39

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/glance/PYSEC-2015-39.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2015-39

Aliases

CVE-2015-5163
GHSA-q73f-vjc2-3gqf

Published

2015-08-19T15:59:00Z

Modified

2024-11-25T22:42:16.804965Z

Summary

[none]

Details

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.

References

http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html
http://rhn.redhat.com/errata/RHSA-2015-1639.html
https://bugs.launchpad.net/glance/+bug/1471912
http://www.securityfocus.com/bid/76346

Affected packages

PyPI / glance

Package

Name: glance; View open source insights on deps.dev
Purl: pkg:pypi/glance

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2015.1.0

Fixed

2015.1.2

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/glance/PYSEC-2015-39.yaml"