CVE-2015-1195

Priority
Description
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before
2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to
read or delete arbitrary files via a full pathname in a filesystem: URL in
the image location property. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2014-9493.
Assigned-to
mdeslaur
Notes
Package
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1:2014.1.4-0ubuntu1])
Patches:
Upstream:https://review.openstack.org/145974 (icehouse)
Upstream:https://review.openstack.org/145916 (juno)
Upstream:https://review.openstack.org/145640 (kilo)
More Information

Updated: 2020-09-10 04:36:41 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)