MEDIUM

GHSA-q748-mcwg-xmqv

OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions

상세

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / glance

최초 영향 버전: 2011.2 수정 버전: 2014.2.4

수정 pip install --upgrade 'glance>=2014.2.4'

PyPI / glance

최초 영향 버전: 2015.1.0 수정 버전: 2015.1.2

수정 pip install --upgrade 'glance>=2015.1.2'

참고

https://nvd.nist.gov/vuln/detail/CVE-2015-5251 [ADVISORY]
https://access.redhat.com/errata/RHSA-2015:1897 [WEB]
https://access.redhat.com/security/cve/CVE-2015-5251 [WEB]
https://bugs.launchpad.net/bugs/1482371 [WEB]
https://bugzilla.redhat.com/show_bug.cgi?id=1263511 [WEB]
https://opendev.org/openstack/glance [PACKAGE]
https://rhn.redhat.com/errata/RHSA-2015-1897.html [WEB]
https://security.openstack.org/ossa/OSSA-2015-019.html [WEB]