CVE-2015-5163

Published: 19 August 2015

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.

Priority

Medium

Status

Package Release Status
glance
Launchpad, Ubuntu, Debian
Upstream
Released (2015.1.2)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(2:11.0.0-0ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])