CyberSec.Space Logo
Back to CVE Browser

CVE-2015-1851

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile27.53th
PublishedJun 25, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

Affected Platforms (CPE)

πŸ’»
Canonical

Ubuntu Linux

= 15.04
πŸ“¦
Openstack

Icehouse

<= 2014.1.4
πŸ“¦
Openstack

Juno

= 2014.2
πŸ“¦
Openstack

Juno

= 2014.2.2
πŸ“¦
Openstack

Juno

= 2014.2.3
πŸ“¦
Openstack

Kilo

= 2015.1.0

References & Advisories

πŸ”— http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2015-1206.html
πŸ”— http://www.debian.org/security/2015/dsa-3292
πŸ”— http://www.openwall.com/lists/oss-security/2015/06/13/1
πŸ”— http://www.openwall.com/lists/oss-security/2015/06/17/2
πŸ”— http://www.openwall.com/lists/oss-security/2015/06/17/7
πŸ”— http://www.ubuntu.com/usn/USN-2703-1
πŸ”— https://bugs.launchpad.net/cinder/+bug/1415087

Related Vulnerabilities

CVE-2021-344239.8

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before ve...

CVE-2018-66349.8

A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maint...

CVE-2021-34938.8

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file cap...

CVE-2021-34928.8

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during cop...