CVE-2015-5251

openstack-glance allows illegal modification of image status

Severity Score

5.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

OpenStack Image Service (Glance) en versiones anteriores a 2014.2.4 (juno) y 2015.1.x en versiones anteriores 2015.1.2 (kilo) permiten a usuarios remotos autenticados cambiar el estado de sus imágenes y eludir las restricciones de acceso a través de la cabecera HTTP x-image-meta-status a images/*.

A flaw was discovered in the OpenStack Image service (glance) where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to reactivate disabled images, bypass storage quotas, and in some cases replace image contents (where they have owner access). Setups using the Image service's v1 API could allow the illegal modification of image status. Additionally, setups which also use the v2 API could allow a subsequent re-upload of image contents.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-07-01 CVE Reserved
2015-10-16 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls
CWE-285: Improper Authorization

CAPEC

References (5)

URL	Tag	Source
https://bugs.launchpad.net/bugs/1482371	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2015-1897.html	2023-02-13
https://security.openstack.org/ossa/OSSA-2015-019.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2015-5251	2015-10-15
https://bugzilla.redhat.com/show_bug.cgi?id=1263511	2015-10-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)"				<= 2014.2.3 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version " <= 2014.2.3"		-		Affected
Openstack Search vendor "Openstack"		Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)"				2015.1.0 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version "2015.1.0"		-		Affected
Openstack Search vendor "Openstack"		Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)"				2015.1.1 Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)" and version "2015.1.1"		-		Affected