CVE-2015-1851 — MEDIUM (6.8)

Q: How severe is CVE-2015-1851?

CVE-2015-1851 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-1851?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Openstack Icehouse, Openstack Juno, Openstack Kilo.

Vulnerability Description

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

CVSS Score

6.8

MEDIUM

AV:N/AC:L/Au:S/C:C/I:N/A:N

Confidentiality

COMPLETE

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Linux	15.04
Openstack	Icehouse	<= 2014.1.4
Openstack	Juno	2014.2
Openstack	Kilo	2015.1.0

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2015-1851?

CVE-2015-1851 is a vulnerability with a CVSS score of 6.8 (MEDIUM). OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signatur...

How severe is CVE-2015-1851?

CVE-2015-1851 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-1851?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Openstack Icehouse, Openstack Juno, Openstack Kilo.