Eharney

**Name of the Vulnerable Software and Affected Versions** OpenStack Image Service (Glance) versions 2015.1.x before 2015.1.2 (kilo) **Description** The issue allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image when using the V2 API. **Recommendations** For OpenStack Image Service (Glance) versions 2015.1.x before 2015.1.2 (kilo), update to version 2015.1.2 or later to resolve the issue.