CVE-2015-1851

Published: Jun 25, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[openstack-announce] 20150616 [OSSA 2015-011.1] Cinder host file disclosure through qcow2 backing file (CVE-2015-1851) ERRATA 1

mailing-list

x_refsource_MLIST

DSA-3292

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20150613 CVE-2015-1850: OpenStack Cinder/Nova: Format-guessing and file disclosure in image convert

mailing-list

x_refsource_MLIST

[oss-security] 20150617 Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850)

mailing-list

x_refsource_MLIST

RHSA-2015:1206

vendor-advisory

x_refsource_REDHAT

USN-2703-1

vendor-advisory

x_refsource_UBUNTU

[oss-security] 20150617 Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850)

mailing-list

x_refsource_MLIST

https://bugs.launchpad.net/cinder/+bug/1415087

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-1851

Description

Affected Products

References