CVE-2015-1195 — MEDIUM (6.5)

Q: How severe is CVE-2015-1195?

CVE-2015-1195 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-1195?

Check the references section above for vendor advisories and patch information. Affected products include: Openstack Image Registry And Delivery Service \(Glance\).

Vulnerability Description

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Openstack	Image Registry And Delivery Service \(Glance\)	>= 2014.1, < 2014.1.4

Related Weaknesses (CWE)

CWE-22

References

http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.htmlVendor Advisory
http://secunia.com/advisories/62169Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/01/15/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2015/01/18/5Mailing ListThird Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlThird Party Advisory
http://www.securityfocus.com/bid/71976Third Party AdvisoryVDB Entry
https://bugs.launchpad.net/ossa/+bug/1408663Third Party Advisory
http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.htmlVendor Advisory
http://secunia.com/advisories/62169Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/01/15/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2015/01/18/5Mailing ListThird Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlThird Party Advisory
http://www.securityfocus.com/bid/71976Third Party AdvisoryVDB Entry
https://bugs.launchpad.net/ossa/+bug/1408663Third Party Advisory

FAQ

What is CVE-2015-1195?

CVE-2015-1195 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathnam...

How severe is CVE-2015-1195?

CVE-2015-1195 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-1195?

Check the references section above for vendor advisories and patch information. Affected products include: Openstack Image Registry And Delivery Service \(Glance\).