CVE-2015-1851
medium
CVSS v3
—
CVSS v2
6.8
VIR risk
6.8
Description
OpenStack Cinder file disclosure in image convert
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2015-1851
Vendor advisory: secalert@redhat.com — http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 2015.1.0+2015.06.16.git26.9634b76ba5-1 |
| debian | bullseye | fixed | 2015.1.0+2015.06.16.git26.9634b76ba5-1 |
| debian | forky | fixed | 2015.1.0+2015.06.16.git26.9634b76ba5-1 |
| debian | sid | fixed | 2015.1.0+2015.06.16.git26.9634b76ba5-1 |
| debian | trixie | fixed | 2015.1.0+2015.06.16.git26.9634b76ba5-1 |
| ubuntu | 15.04 | affected | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | cinder | <7.0.0a0 | 7.0.0a0 |
References
- http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html
- http://rhn.redhat.com/errata/RHSA-2015-1206.html
- http://www.debian.org/security/2015/dsa-3292
- http://www.openwall.com/lists/oss-security/2015/06/13/1
- http://www.openwall.com/lists/oss-security/2015/06/17/2
- http://www.openwall.com/lists/oss-security/2015/06/17/7
- http://www.ubuntu.com/usn/USN-2703-1
- https://bugs.launchpad.net/cinder/+bug/1415087
- https://nvd.nist.gov/vuln/detail/CVE-2015-1851
- https://github.com/openstack/cinder/commit/9634b76ba5886d6c2f2128d550cb005dabf48213
- https://github.com/openstack/cinder/commit/b1143ee45323e63b965a3710f9063e65b252c978
- https://github.com/openstack/cinder/commit/bc0549e08b010edb863d409d80114aa78d317a61
- https://github.com/openstack/cinder/commit/d31c937c566005dedf41a60c6b5bd5e7b26f221b
- https://github.com/openstack/cinder
- https://security-tracker.debian.org/tracker/CVE-2015-1851
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.