CVE-2015-1851
openstack-cinder: Host file disclosure through qcow2 backing file
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.
OpenStack Cinder anterior a 2014.1.5 (icehouse), 2014.2.x anterior a 2014.2.4 (juno), y 2015.1.x anterior a 2015.1.1 (kilo) permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una firma qcow2 manipulada en una imagen en el comando 'subir a imagen' (upload-to-image).
A flaw was found in the OpenStack Block Storage (cinder) upload-to-image functionality. When processing a malicious qcow2 header, cinder could be tricked into reading an arbitrary file from the cinder host.
OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes. In addition, Block Storage supports volume backups, and snapshots for temporary save and restore operations. Programatic management is available via Block Storage’s API. A flaw was found in the cinder upload-to-image functionality. When processing a malicious qcow2 header cinder could be tricked into reading an arbitrary file from the cinder host.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-17 CVE Reserved
- 2015-06-19 CVE Published
- 2024-08-06 CVE Updated
- 2025-02-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/06/13/1 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2015/06/17/2 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2015/06/17/7 | Mailing List |
|
| https://bugs.launchpad.net/cinder/+bug/1415087 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html | 2016-12-28 | |
| http://rhn.redhat.com/errata/RHSA-2015-1206.html | 2016-12-28 | |
| http://www.debian.org/security/2015/dsa-3292 | 2016-12-28 | |
| http://www.ubuntu.com/usn/USN-2703-1 | 2016-12-28 | |
| https://access.redhat.com/security/cve/CVE-2015-1851 | 2015-07-02 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1231817 | 2015-07-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Icehouse Search vendor "Openstack" for product "Icehouse" | <= 2014.1.4 Search vendor "Openstack" for product "Icehouse" and version " <= 2014.1.4" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Juno Search vendor "Openstack" for product "Juno" | 2014.2 Search vendor "Openstack" for product "Juno" and version "2014.2" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Juno Search vendor "Openstack" for product "Juno" | 2014.2.2 Search vendor "Openstack" for product "Juno" and version "2014.2.2" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Juno Search vendor "Openstack" for product "Juno" | 2014.2.3 Search vendor "Openstack" for product "Juno" and version "2014.2.3" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Kilo Search vendor "Openstack" for product "Kilo" | 2015.1.0 Search vendor "Openstack" for product "Kilo" and version "2015.1.0" | - |
Affected
| ||||||