Openstack · Openstack Image Service · CVE-2015-5163
**Name of the Vulnerable Software and Affected Versions**
OpenStack Image Service (Glance) versions 2015.1.x before 2015.1.2 (kilo)
**Description**
The issue allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image when using the V2 API.
**Recommendations**
For OpenStack Image Service (Glance) versions 2015.1.x before 2015.1.2 (kilo), update to version 2015.1.2 or later to resolve the issue.