VYPR
High severityNVD Advisory· Published Aug 19, 2015· Updated Jun 17, 2026

CVE-2015-5163

CVE-2015-5163

Description

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
glancePyPI
>= 2015.1.0, < 2015.1.22015.1.2

Affected products

3
  • OpenStack/Glance2 versions
    cpe:2.3:a:openstack:glance:2015.1.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:openstack:glance:2015.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:glance:2015.1.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2015.1.0, < 2015.1.2

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.