CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5163 – openstack-glance: Glance v2 API host file disclosure through qcow2 backing file
https://notcve.org/view.php?id=CVE-2015-5163
18 Aug 2015 — The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image. Vulnerabilidad en la acción de importar tareas en OpenStack Image Service (Glance) 2015.1.x en versiones anteriores a 2015.1.2 (kilo), cuando se usa la API V2, permite a usuarios remotos autenticados leer archivos arbitrarios a través de un archivo de respaldo manipulado para una imagen qcow2... • http://lists.openstack.org/pipermail/openstack-announce/2015-August/000527.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-454: External Initialization of Trusted Variables or Data Stores •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3289
https://notcve.org/view.php?id=CVE-2015-3289
14 Aug 2015 — OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them. Vulnerabilidad en OpenStack Glance en versiones anteriores a 2015.1.1 (kilo), permite a usuarios remotos autenticados causar una denegación de servicio (consumo de disco) utilizando reiteradamente la API de importación de flujo de tareas para crear imágenes y borrarlas después. • http://lists.openstack.org/pipermail/openstack-announce/2015-July/000481.html • CWE-399: Resource Management Errors •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 2CVE-2013-4428 – Glance: image_download policy not enforced for cached images
https://notcve.org/view.php?id=CVE-2013-4428
23 Oct 2013 — OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID. OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly con versiones anteriores a 2013.1.4, y Havana con versiones anteriores a 2013.2, cuando se configura la política image_download, no re... • http://rhn.redhat.com/errata/RHSA-2013-1525.html • CWE-264: Permissions, Privileges, and Access Controls •