Lucene search

[email protected]CVE-2015-1851

HistoryJun 25, 2015 - 4:59 p.m.

CVE-2015-1851

2015-06-2516:59:00

CWE-200

[email protected]

web.nvd.nist.gov

openstack

cinder

cve-2015-1851

security vulnerability

remote file read

qcow2

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.4%

JSON

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch15.04

Node

openstackicehouseRange≤2014.1.4

openstackjunoMatch2014.2

openstackjunoMatch2014.2.2

openstackjunoMatch2014.2.3

openstackkiloMatch2015.1.0

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.04

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.04

References

lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html

rhn.redhat.com/errata/RHSA-2015-1206.html

www.debian.org/security/2015/dsa-3292

www.openwall.com/lists/oss-security/2015/06/13/1

www.openwall.com/lists/oss-security/2015/06/17/2

www.openwall.com/lists/oss-security/2015/06/17/7

www.ubuntu.com/usn/USN-2703-1

bugs.launchpad.net/cinder/+bug/1415087

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.4%

JSON

Related for CVE-2015-1851

debiancve1 openvas4 securityvulns2 debian2 redhat1 nessus3 ubuntu1 prion1 cvelist1 fedora1 nvd1 github1 ubuntucve1