CVE-2015-5163

Priority
Description
The import task action in OpenStack Image Service (Glance) 2015.1.x before
2015.1.2 (kilo), when using the V2 API, allows remote authenticated users
to read arbitrary files via a crafted backing file for a qcow2 image.
Notes
mdeslaurkilo only
Package
Upstream:released (2015.1.2)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2:11.0.0-0ubuntu1)
More Information

Updated: 2020-01-29 19:52:36 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)