CVE-2015-1195 (GCVE-0-2015-1195)
Vulnerability from cvelistv5 – Published: 2015-01-21 18:00 – Updated: 2024-08-06 04:33
VLAI
EPSS
VEX
Summary
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://lists.openstack.org/pipermail/openstack-an… | mailing-listx_refsource_MLIST |
| https://bugs.launchpad.net/ossa/+bug/1408663 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2015/01/18/5 | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/62169 | third-party-advisoryx_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2015/01/15/2 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/71976 | vdb-entryx_refsource_BID |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
Date Public
2015-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[openstack-announce] 20150120 [OSSA 2015-002.1] Glance v2 API unrestricted path traversal through filesystem:// scheme (CVE-2015-1195) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ossa/+bug/1408663"
},
{
"name": "[oss-security] 20150118 Re: [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/18/5"
},
{
"name": "62169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62169"
},
{
"name": "[oss-security] 20150115 [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/15/2"
},
{
"name": "71976",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71976"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[openstack-announce] 20150120 [OSSA 2015-002.1] Glance v2 API unrestricted path traversal through filesystem:// scheme (CVE-2015-1195) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ossa/+bug/1408663"
},
{
"name": "[oss-security] 20150118 Re: [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/18/5"
},
{
"name": "62169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62169"
},
{
"name": "[oss-security] 20150115 [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/15/2"
},
{
"name": "71976",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71976"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[openstack-announce] 20150120 [OSSA 2015-002.1] Glance v2 API unrestricted path traversal through filesystem:// scheme (CVE-2015-1195) ERRATA 1",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html"
},
{
"name": "https://bugs.launchpad.net/ossa/+bug/1408663",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ossa/+bug/1408663"
},
{
"name": "[oss-security] 20150118 Re: [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/18/5"
},
{
"name": "62169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62169"
},
{
"name": "[oss-security] 20150115 [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/15/2"
},
{
"name": "71976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71976"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1195",
"datePublished": "2015-01-21T18:00:00.000Z",
"dateReserved": "2015-01-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T04:33:20.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2015-1195",
"date": "2026-07-11",
"epss": "0.02769",
"percentile": "0.84601"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-1195\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-01-21T18:59:56.090\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.\"},{\"lang\":\"es\",\"value\":\"La API V2 en OpenStack Image Registry and Delivery Service (Glance) anterior a 2014.1.4 y 2014.2.x anterior a 2014.2.2 permite a usuarios remotos autenticados leer o eliminar ficheros arbitrarios a trav\u00e9s de un nombre de ruta completo en una URL filesystem: en la propiedad de la localizaci\u00f3n de im\u00e1genes. NOTA: esta vulnerabilidad existe debida a una soluciona incompleta para CVE-2014-9493.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\\\(glance\\\\):*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2014.1\",\"versionEndExcluding\":\"2014.1.4\",\"matchCriteriaId\":\"5A5066B6-4A70-478B-9B88-6A64CA1DD9B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:image_registry_and_delivery_service_\\\\(glance\\\\):*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2014.2\",\"versionEndExcluding\":\"2014.2.2\",\"matchCriteriaId\":\"46F3833A-DC9F-4E59-96FD-90798863AFEA\"}]}]}],\"references\":[{\"url\":\"http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/62169\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/01/15/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/01/18/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/71976\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugs.launchpad.net/ossa/+bug/1408663\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/62169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/01/15/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/01/18/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/71976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugs.launchpad.net/ossa/+bug/1408663\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2025-11-21T12:22:31+00:00",
"cve": "CVE-2015-1195",
"id": "CVE-2015-1195",
"initial_release_date": "2015-01-12T00:00:00+00:00",
"product_status:known_not_affected": "3",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "openstack-glance: unrestricted path traversal flaw (incomplete fix for CVE-2014-9493) (OSSA 2015-002)",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2015/cve-2015-1195.json",
"version": "3"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…