Your submission was sent successfully! Close

CVE-2015-1851

Published: 25 June 2015

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

Priority

Medium

Status

Package Release Status
cinder
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was not-affected [1:2014.1.5-0ubuntu1])
upstream
Released (2014.1.5,2014.2.4,2015.1.1)
utopic Ignored
(reached end-of-life)
vivid
Released (1:2015.1.0-0ubuntu1.1)