| Vulnerability Name: | CVE-2015-1851 (CCN-103916) | ||||||||||||
| Assigned: | 2015-06-13 | ||||||||||||
| Published: | 2015-06-13 | ||||||||||||
| Updated: | 2016-12-28 | ||||||||||||
| Summary: | OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command. | ||||||||||||
| CVSS v3 Severity: | 6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
| ||||||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N) 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-200 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2015-1851 Source: MLIST Type: Vendor Advisory [openstack-announce] 20150616 [OSSA 2015-011.1] Cinder host file disclosure through qcow2 backing file (CVE-2015-1851) ERRATA 1 Source: REDHAT Type: UNKNOWN RHSA-2015:1206 Source: CCN Type: oss-security Mailing List, Wed, 17 Jun 2015 06:43:00 -0700 Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1851) Source: DEBIAN Type: UNKNOWN DSA-3292 Source: CCN Type: IBM Security Bulletin T1023146 Openstack Cinder and Horizon vulnerabilities affect IBM Cloud Manager with OpenStack (CVE-2015-1851 CVE-2015-3219) Source: CCN Type: IBM Security Bulletin N1020980 IBM PowerVC is impacted by OpenStack Cinder information disclosure vulneraility (CVE-2015-1851) Source: MLIST Type: UNKNOWN [oss-security] 20150613 CVE-2015-1850: OpenStack Cinder/Nova: Format-guessing and file disclosure in image convert Source: MLIST Type: UNKNOWN [oss-security] 20150617 Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850) Source: MLIST Type: UNKNOWN [oss-security] 20150617 Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1850) Source: UBUNTU Type: UNKNOWN USN-2703-1 Source: CCN Type: Launchpad Bug #1415087 Format-guessing and file disclosure in image convert (CVE-2015-1850) Source: CONFIRM Type: UNKNOWN https://bugs.launchpad.net/cinder/+bug/1415087 Source: CCN Type: Red Hat Bugzilla Bug 1231817 (CVE-2015-1851) CVE-2015-1851 openstack-cinder: Host file disclosure through qcow2 backing file Source: XF Type: UNKNOWN openstack-cinder-cve20151851-info-disc(103916) Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-1851 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||