Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2015-1195

Date: January 21, 2015

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.

Language: Python

Severity Score

Related Resources (13)

http://www.openwall.com/lists/oss-security/2015/01/15/2
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://github.com/openstack/glance/commit/7d3a1db33ccbd25b9fc7326ce3468eabd2a41a99
http://www.securityfocus.com/bid/71976
https://github.com/openstack/glance/commit/a2d986b976e9325a272e2d422465165315d19fe6
https://github.com/openstack/glance/commit/5191ed1879c5fd5b2694f922bcedec232f461088
http://www.openwall.com/lists/oss-security/2015/01/18/5
https://github.com/openstack/glance
https://bugs.launchpad.net/ossa/+bug/1408663
https://nvd.nist.gov/vuln/detail/CVE-2015-1195
http://secunia.com/advisories/62169
http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html
https://www.mend.io/vulnerability-database/CVE-2015-1195

Severity Score

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us