CVE-2015-5251

medium

Description

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

References

https://security.openstack.org/ossa/OSSA-2015-019.html

https://bugs.launchpad.net/bugs/1482371

http://rhn.redhat.com/errata/RHSA-2015-1897.html

Details

Source: Mitre, NVD

Published: 2015-10-26

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N