OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
High severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Nov 26, 2024
Description
Published by the National Vulnerability Database
Aug 19, 2015
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Feb 8, 2023
Last updated
Nov 26, 2024
The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.
References