Access Restriction Bypass Affecting glance package, versions <1:11.0.0-1
Snyk CVSS: Attack Complexity: Low
- Snyk ID SNYK-DEBIAN11-GLANCE-517950
- published 26 Oct 2015
- disclosed 26 Oct 2015
Introduced: 26 Oct 2015
CVE-2015-5251
How to fix?
Upgrade Debian:11 glance to version 1:11.0.0-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream glance package and not the glance package as distributed by Debian:11. See How to fix? for Debian:11 relevant fixed versions and status.
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.