VYPR
Moderate severityNVD Advisory· Published Jun 25, 2015· Updated Jun 17, 2026

CVE-2015-1851

CVE-2015-1851

Description

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cinderPyPI
< 7.0.0a07.0.0a0

Affected products

7
  • cpe:2.3:a:openstack:icehouse:*:*:*:*:*:*:*:*
    Range: <=2014.1.4
  • OpenStack/Juno3 versions
    cpe:2.3:a:openstack:juno:2014.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:openstack:juno:2014.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:juno:2014.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:juno:2014.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:kilo:2015.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 7.0.0a0

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.