CVE-2015-1851: OpenStack Cinder file disclosure in image convert
(updated )
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.
References
- bugs.launchpad.net/cinder/+bug/1415087
- github.com/advisories/GHSA-9hcj-h2qc-689p
- github.com/openstack/cinder
- github.com/openstack/cinder/commit/9634b76ba5886d6c2f2128d550cb005dabf48213
- github.com/openstack/cinder/commit/b1143ee45323e63b965a3710f9063e65b252c978
- github.com/openstack/cinder/commit/bc0549e08b010edb863d409d80114aa78d317a61
- github.com/openstack/cinder/commit/d31c937c566005dedf41a60c6b5bd5e7b26f221b
- nvd.nist.gov/vuln/detail/CVE-2015-1851
Code Behaviors & Features
Detect and mitigate CVE-2015-1851 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →