Openstack · Openstack Image Service · CVE-2015-5251
**Name of the Vulnerable Software and Affected Versions**
OpenStack Image Service (Glance) versions prior to 2014.2.4 (juno)
OpenStack Image Service (Glance) versions 2015.1.x prior to 2015.1.2 (kilo)
**Description**
The issue allows remote authenticated users to bypass access restrictions and change the status of their images. This is achieved by using the HTTP `x-image-meta-status` header to `images/*.`
**Recommendations**
For versions prior to 2014.2.4 (juno), update to version 2014.2.4 or later.
For versions 2015.1.x prior to 2015.1.2 (kilo), update to version 2015.1.2 or later.