CVE-2015-5251 Information

Description

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

Reference

http://rhn.redhat.com/errata/RHSA-2015-1897.html https://bugs.launchpad.net/bugs/1482371 https://security.openstack.org/ossa/OSSA-2015-019.html