Moderate severityNVD Advisory· Published Oct 26, 2015· Updated May 6, 2026
CVE-2015-5251
CVE-2015-5251
Description
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
glancePyPI | >= 2011.2, < 2014.2.4 | 2014.2.4 |
glancePyPI | >= 2015.1.0, < 2015.1.2 | 2015.1.2 |
Affected products
3- ghsa-coords3 versionspkg:pypi/glancepkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-glance-doc&distro=SUSE%20OpenStack%20Cloud%205
>= 2011.2, < 2014.2.4+ 2 more
- (no CPE)range: >= 2011.2, < 2014.2.4
- (no CPE)range: < 2014.2.4.juno-14.1
- (no CPE)range: < 2014.2.4.juno-14.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- github.com/advisories/GHSA-q748-mcwg-xmqvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-5251ghsaADVISORY
- security.openstack.org/ossa/OSSA-2015-019.htmlnvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2015:1897ghsaWEB
- access.redhat.com/security/cve/CVE-2015-5251ghsaWEB
- bugs.launchpad.net/bugs/1482371nvdWEB
- bugzilla.redhat.com/show_bug.cgighsaWEB
- opendev.org/openstack/glanceghsaPACKAGE
- rhn.redhat.com/errata/RHSA-2015-1897.htmlghsaWEB
- rhn.redhat.com/errata/RHSA-2015-1897.htmlnvd
News mentions
0No linked articles in our index yet.