Vulnerability DatabaseCVE-2015-1195
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-1195
Published:January 21, 2015
Updated:May 17, 2026
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.
Related Resources (12)
https://github.com/openstack/glance
http://www.securityfocus.com/bid/71976
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://bugs.launchpad.net/ossa/+bug/1408663
https://github.com/openstack/glance/commit/7d3a1db33ccbd25b9fc7326ce3468eabd2a41a99
http://www.openwall.com/lists/oss-security/2015/01/18/5
http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html
https://github.com/openstack/glance/commit/5191ed1879c5fd5b2694f922bcedec232f461088
https://nvd.nist.gov/vuln/detail/CVE-2015-1195
http://secunia.com/advisories/62169
https://github.com/openstack/glance/commit/a2d986b976e9325a272e2d422465165315d19fe6
http://www.openwall.com/lists/oss-security/2015/01/15/2
Do you need more information?
Contact Us
CVSS v3
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
6.5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22
EPSS
Base Score:
1.10