Path Traversal in OpenStack Image Registry and Delivery Service (Glance)
CVE-2015-1195
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image loc…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.011 (78.5th percentile)
Affected products
- OpenStack Image Registry and Delivery Service (Glance)
- N/a — versions n/a
Weakness classification (CWE)
References
- [openstack-announce] 20150120 [OSSA 2015-002.1] Glance v2 API unrestricted path traversal through filesystem:// scheme (CVE-2015-1195) ERRATA 1 (Vendor Advisory, mailing-list, x_refsource_MLIST)
- cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
- [oss-security] 20150118 Re: [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- 62169 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- [oss-security] 20150115 [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- 71976 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)