Moderate severityNVD Advisory· Published Oct 26, 2015· Updated Jun 17, 2026
CVE-2015-5251
CVE-2015-5251
Description
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
glancePyPI | >= 2011.2, < 2014.2.4 | 2014.2.4 |
glancePyPI | >= 2015.1.0, < 2015.1.2 | 2015.1.2 |
Affected products
6cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):*:*:*:*:*:*:*:*range: <=2014.2.3
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2015.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2015.1.1:*:*:*:*:*:*:*
- ghsa-coords3 versionspkg:pypi/glancepkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-glance-doc&distro=SUSE%20OpenStack%20Cloud%205
>= 2011.2, < 2014.2.4+ 2 more
- (no CPE)range: >= 2011.2, < 2014.2.4
- (no CPE)range: < 2014.2.4.juno-14.1
- (no CPE)range: < 2014.2.4.juno-14.1
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-q748-mcwg-xmqvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-5251ghsaADVISORY
- security.openstack.org/ossa/OSSA-2015-019.htmlnvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2015:1897ghsaWEB
- access.redhat.com/security/cve/CVE-2015-5251ghsaWEB
- bugs.launchpad.net/bugs/1482371nvdWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- opendev.org/openstack/glanceghsaPACKAGE
- rhn.redhat.com/errata/RHSA-2015-1897.htmlghsaWEB
- rhn.redhat.com/errata/RHSA-2015-1897.htmlnvd
News mentions
0No linked articles in our index yet.