ALT-PU-2015-2862-1

Package update openstack-glance in branch sisyphus

Version2015.1.2-alt1

Published2015-10-15

Max severityHIGH

Severity:

Closed issues (2)

LOW3.5

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.

Published: 2015-08-19Modified: 2025-04-12

CVSS 2.0LOW 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N

References

GHSA-q73f-vjc2-3gqf

HIGH7.1

OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file

Published: 2022-05-17Modified: 2024-11-26

CVSS 3.xHIGH 7.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS 4.0HIGH 7.1

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

References