PT-2015-5471 · Openstack · Openstack Cinder
Bastian Blank
+1
·
Publicado
2015-06-19
·
Atualizado
2022-05-17
·
CVE-2015-1851
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenStack Cinder versions prior to 2014.1.5
OpenStack Cinder versions 2014.2.x prior to 2014.2.4
OpenStack Cinder versions 2015.1.x prior to 2015.1.1
Description
The issue allows remote authenticated users to read arbitrary files by crafting a qcow2 signature in an image to the upload-to-image command.
Recommendations
For versions prior to 2014.1.5, update to version 2014.1.5 or later.
For versions 2014.2.x prior to 2014.2.4, update to version 2014.2.4 or later.
For versions 2015.1.x prior to 2015.1.1, update to version 2015.1.1 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openstack Cinder