Vulnerability in Openstack Image_registry_and_delivery_service_\(glance\)

CVE-2015-5251

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to ima…

EPSS: 0.002 (38.2th percentile) — read the EPSS interpretation.

Affected products

Openstack Image_registry_and_delivery_service_\(glance\) — versions 2015.1.0, 2015.1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2015:1897 (x_refsource_REDHAT, vendor-advisory)