suse · CVE-2015-7548

Quick triage

Priority: medium Published: 2021-05-30 13:33:54 UTC Updated: 2025-04-16 23:40:33 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-7548 severity moderate: SUSE including 54 source package names (openstack-keystone-2014.2.4.juno-17.1, openstack-keystone-doc-2014.2.4.juno-17.2, …), 67 product×package rows across 3 product lines (SUSE OpenStack Cloud 5, SUSE OpenStack Cloud 6, SUSE OpenStack Cloud 7): Fixed 39, Known Not Affected 28.

Description:

OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.

cvelogic Threat Intelligence