{"url":"http://public2.vulnerablecode.io/api/packages/1036246?format=json","purl":"pkg:deb/debian/cinder@2014.1.3-11%2Bdeb8u1","type":"deb","namespace":"debian","name":"cinder","version":"2014.1.3-11+deb8u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2:21.3.1-1~deb12u1","latest_non_vulnerable_version":"2:21.3.1-1~deb12u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6095?format=json","vulnerability_id":"VCID-7uus-f9pq-qkb5","summary":"An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the ``connection_info`` element in all Block Storage v3 Attachments API calls containing that element. This flaw enables an end-user to create a volume, make an API call to show the attachment detail information, and retrieve a username and password that may be used to connect to another user's volume. Additionally, these credentials are valid for the ScaleIO or VxFlex OS Management API, should an attacker discover the Management API endpoint. Source: OpenStack project","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10755.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10755.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10755","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39628","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39556","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39531","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39616","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39599","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39534","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39666","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39751","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39765","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39937","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40016","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40045","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54597","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54535","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54605","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54629","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54649","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54644","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54656","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54639","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54618","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10755"},{"reference_url":"https://bugs.launchpad.net/cinder/+bug/1823200","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/cinder/+bug/1823200"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10755","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10755"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10755","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10755"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/cinder/commit/ba785eef5f515b869c0d68016e84bb74f76ab45e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/ba785eef5f515b869c0d68016e84bb74f76ab45e"},{"reference_url":"https://github.com/openstack/os-brick/commit/4047948f1ac8055a025972ad73ec3ec421450775","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/os-brick/commit/4047948f1ac8055a025972ad73ec3ec421450775"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/cinder/PYSEC-2020-228.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/cinder/PYSEC-2020-228.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10755","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10755"},{"reference_url":"https://usn.ubuntu.com/4420-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4420-1"},{"reference_url":"https://usn.ubuntu.com/4420-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4420-1/"},{"reference_url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0086","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0086"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1842748","reference_id":"1842748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1842748"},{"reference_url":"https://github.com/advisories/GHSA-v3m2-pg96-w33m","reference_id":"GHSA-v3m2-pg96-w33m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v3m2-pg96-w33m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4283","reference_id":"RHSA-2020:4283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4391","reference_id":"RHSA-2020:4391","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4391"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050796?format=json","purl":"pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-hd9e-1msb-uqa6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1"}],"aliases":["CVE-2020-10755","GHSA-v3m2-pg96-w33m","PYSEC-2020-228"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7uus-f9pq-qkb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16259?format=json","vulnerability_id":"VCID-br4q-499g-vqhg","summary":"OpenStack Cinder, glance, and Nova vulnerable to Path Traversal\nAn issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951","reference_id":"","reference_type":"","scores":[{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.70075","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72771","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72635","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72653","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.7263","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72669","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72682","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72706","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72689","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72679","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72721","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72732","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72724","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72765","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72774","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72764","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72794","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72819","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72782","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.72806","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47951"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://launchpad.net/bugs/1996188","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://launchpad.net/bugs/1996188"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2023-002.html","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2023-002.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5336","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5336"},{"reference_url":"https://www.debian.org/security/2023/dsa-5337","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5337"},{"reference_url":"https://www.debian.org/security/2023/dsa-5338","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/"}],"url":"https://www.debian.org/security/2023/dsa-5338"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561","reference_id":"1029561","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562","reference_id":"1029562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563","reference_id":"1029563","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812","reference_id":"2161812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2161812"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951","reference_id":"CVE-2022-47951","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951"},{"reference_url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc","reference_id":"GHSA-7h75-hwxx-qpgc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7h75-hwxx-qpgc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1015","reference_id":"RHSA-2023:1015","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1016","reference_id":"RHSA-2023:1016","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1016"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1017","reference_id":"RHSA-2023:1017","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1017"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1278","reference_id":"RHSA-2023:1278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1279","reference_id":"RHSA-2023:1279","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1279"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1280","reference_id":"RHSA-2023:1280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1280"},{"reference_url":"https://usn.ubuntu.com/5835-1/","reference_id":"USN-5835-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-1/"},{"reference_url":"https://usn.ubuntu.com/5835-2/","reference_id":"USN-5835-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-2/"},{"reference_url":"https://usn.ubuntu.com/5835-3/","reference_id":"USN-5835-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-3/"},{"reference_url":"https://usn.ubuntu.com/5835-4/","reference_id":"USN-5835-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-4/"},{"reference_url":"https://usn.ubuntu.com/5835-5/","reference_id":"USN-5835-5","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5835-5/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050796?format=json","purl":"pkg:deb/debian/cinder@2:17.0.1-1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-hd9e-1msb-uqa6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:17.0.1-1%252Bdeb11u1"}],"aliases":["CVE-2022-47951","GHSA-7h75-hwxx-qpgc"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-br4q-499g-vqhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55803?format=json","vulnerability_id":"VCID-ggmm-svqw-bkhv","summary":"OpenStack Cinder file disclosure in image convert\nOpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1206.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1206.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1851.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1851.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1851","reference_id":"","reference_type":"","scores":[{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65558","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65542","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65557","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65545","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65509","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65532","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65521","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65427","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65503","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65476","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65569","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66586","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66467","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66442","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66486","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66531","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66504","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66525","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1851"},{"reference_url":"https://bugs.launchpad.net/cinder/+bug/1415087","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/cinder/+bug/1415087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1851"},{"reference_url":"https://github.com/openstack/cinder","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder"},{"reference_url":"https://github.com/openstack/cinder/commit/9634b76ba5886d6c2f2128d550cb005dabf48213","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/9634b76ba5886d6c2f2128d550cb005dabf48213"},{"reference_url":"https://github.com/openstack/cinder/commit/b1143ee45323e63b965a3710f9063e65b252c978","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/b1143ee45323e63b965a3710f9063e65b252c978"},{"reference_url":"https://github.com/openstack/cinder/commit/bc0549e08b010edb863d409d80114aa78d317a61","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/bc0549e08b010edb863d409d80114aa78d317a61"},{"reference_url":"https://github.com/openstack/cinder/commit/d31c937c566005dedf41a60c6b5bd5e7b26f221b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/d31c937c566005dedf41a60c6b5bd5e7b26f221b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1851","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1851"},{"reference_url":"http://www.debian.org/security/2015/dsa-3292","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3292"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/06/13/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/06/13/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/06/17/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/06/17/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/06/17/7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/06/17/7"},{"reference_url":"http://www.ubuntu.com/usn/USN-2703-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2703-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1231817","reference_id":"1231817","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1231817"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788996","reference_id":"788996","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788996"},{"reference_url":"https://github.com/advisories/GHSA-9hcj-h2qc-689p","reference_id":"GHSA-9hcj-h2qc-689p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9hcj-h2qc-689p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1206","reference_id":"RHSA-2015:1206","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1206"},{"reference_url":"https://usn.ubuntu.com/2703-1/","reference_id":"USN-2703-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2703-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050151?format=json","purl":"pkg:deb/debian/cinder@2:8.0.0-4~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7uus-f9pq-qkb5"},{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-hd9e-1msb-uqa6"},{"vulnerability":"VCID-nyak-4rzf-9fhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:8.0.0-4~bpo8%252B1"}],"aliases":["CVE-2015-1851","GHSA-9hcj-h2qc-689p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggmm-svqw-bkhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17695?format=json","vulnerability_id":"VCID-h6rd-5p7q-s3gq","summary":"OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access\nAn issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38394","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38465","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38489","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38404","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38412","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38428","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38391","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38413","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38366","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39883","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39802","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43927","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43879","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.43803","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44448","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44417","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44384","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44431","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44353","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498"},{"reference_url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e"},{"reference_url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40"},{"reference_url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9"},{"reference_url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175"},{"reference_url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973"},{"reference_url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f"},{"reference_url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df"},{"reference_url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927"},{"reference_url":"https://launchpad.net/bugs/2059809","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://launchpad.net/bugs/2059809"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32498"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2024-001.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2024-001.html"},{"reference_url":"https://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"https://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/02/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/02/2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761","reference_id":"1074761","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762","reference_id":"1074762","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763","reference_id":"1074763","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663","reference_id":"2278663","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2278663"},{"reference_url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph","reference_id":"GHSA-r4v4-w9pv-6fph","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r4v4-w9pv-6fph"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4272","reference_id":"RHSA-2024:4272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4273","reference_id":"RHSA-2024:4273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4274","reference_id":"RHSA-2024:4274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4425","reference_id":"RHSA-2024:4425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4425"},{"reference_url":"https://usn.ubuntu.com/6882-1/","reference_id":"USN-6882-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-1/"},{"reference_url":"https://usn.ubuntu.com/6882-2/","reference_id":"USN-6882-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6882-2/"},{"reference_url":"https://usn.ubuntu.com/6883-1/","reference_id":"USN-6883-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6883-1/"},{"reference_url":"https://usn.ubuntu.com/6884-1/","reference_id":"USN-6884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6884-1/"},{"reference_url":"https://usn.ubuntu.com/8199-1/","reference_id":"USN-8199-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8199-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050797?format=json","purl":"pkg:deb/debian/cinder@2:21.3.1-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1"}],"aliases":["CVE-2024-32498","GHSA-r4v4-w9pv-6fph"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6rd-5p7q-s3gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78415?format=json","vulnerability_id":"VCID-hd9e-1msb-uqa6","summary":"openstack-cinder: silently access other user's volumes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2088.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2088.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2088","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28686","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32496","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32352","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32178","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32056","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31972","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31828","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.319","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31907","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.3253","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32353","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32402","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32429","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32432","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32395","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32367","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32404","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.32381","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34095","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34122","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2088"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035932","reference_id":"1035932","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035932"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035961","reference_id":"1035961","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035961"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035962","reference_id":"1035962","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035962"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035963","reference_id":"1035963","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035963"},{"reference_url":"https://bugs.launchpad.net/bugs/2004555","reference_id":"2004555","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:40:54Z/"}],"url":"https://bugs.launchpad.net/bugs/2004555"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179587","reference_id":"2179587","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179587"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2023-003.html","reference_id":"OSSA-2023-003.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T15:40:54Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2023-003.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3156","reference_id":"RHSA-2023:3156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3157","reference_id":"RHSA-2023:3157","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3157"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3158","reference_id":"RHSA-2023:3158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3161","reference_id":"RHSA-2023:3161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3161"},{"reference_url":"https://usn.ubuntu.com/6073-1/","reference_id":"USN-6073-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6073-1/"},{"reference_url":"https://usn.ubuntu.com/6073-2/","reference_id":"USN-6073-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6073-2/"},{"reference_url":"https://usn.ubuntu.com/6073-3/","reference_id":"USN-6073-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6073-3/"},{"reference_url":"https://usn.ubuntu.com/6073-4/","reference_id":"USN-6073-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6073-4/"},{"reference_url":"https://usn.ubuntu.com/6241-1/","reference_id":"USN-6241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6241-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050797?format=json","purl":"pkg:deb/debian/cinder@2:21.3.1-1~deb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:21.3.1-1~deb12u1"}],"aliases":["CVE-2023-2088"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hd9e-1msb-uqa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83327?format=json","vulnerability_id":"VCID-nyak-4rzf-9fhp","summary":"openstack-cinder: Data retained after deletion of a ScaleIO volume","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15139.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15139.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15139","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.4743","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47462","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47483","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47487","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47484","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47506","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47488","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47548","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47541","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47493","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.4749","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47438","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47355","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.4742","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47439","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47381","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.4741","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15139"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15139","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15139"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599899","reference_id":"1599899","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3601","reference_id":"RHSA-2018:3601","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3601"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0917","reference_id":"RHSA-2019:0917","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0917"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050795?format=json","purl":"pkg:deb/debian/cinder@2:13.0.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7uus-f9pq-qkb5"},{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-hd9e-1msb-uqa6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:13.0.3-1"}],"aliases":["CVE-2017-15139"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nyak-4rzf-9fhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15450?format=json","vulnerability_id":"VCID-zy9m-d25c-5uga","summary":"OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption\nA resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits ('prlimit'), which is needed to fix this flaw.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2923.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2923.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2991.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2991.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0153.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0153.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0156.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0156.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0165.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0165.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2017-0282.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2017-0282.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5162","reference_id":"","reference_type":"","scores":[{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87725","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87791","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87785","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.8777","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87756","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87757","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87701","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87763","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87712","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87752","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87723","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87746","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0359","scoring_system":"epss","scoring_elements":"0.87769","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87906","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87861","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87874","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87819","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87832","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87847","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0361","scoring_system":"epss","scoring_elements":"0.87864","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5162"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1268303","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1268303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5162"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/455b318ced717fb38dfe40014817d78fbc47dea5"},{"reference_url":"https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/glance/commit/69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f"},{"reference_url":"https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/nova/commit/6bc37dcceca823998068167b49aec6def3112397"},{"reference_url":"https://launchpad.net/bugs/1449062","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1449062"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/10/06/8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/10/06/8"},{"reference_url":"http://www.securityfocus.com/bid/76849","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76849"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2015-5162","reference_id":"CVE-2015-5162","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2015-5162"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5162","reference_id":"CVE-2015-5162","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5162"},{"reference_url":"https://github.com/advisories/GHSA-g2j5-7vgx-6xrx","reference_id":"GHSA-g2j5-7vgx-6xrx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g2j5-7vgx-6xrx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2923","reference_id":"RHSA-2016:2923","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2923"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2991","reference_id":"RHSA-2016:2991","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2991"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0153","reference_id":"RHSA-2017:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0156","reference_id":"RHSA-2017:0156","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0165","reference_id":"RHSA-2017:0165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0282","reference_id":"RHSA-2017:0282","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0282"},{"reference_url":"https://usn.ubuntu.com/3449-1/","reference_id":"USN-3449-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3449-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050151?format=json","purl":"pkg:deb/debian/cinder@2:8.0.0-4~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7uus-f9pq-qkb5"},{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-hd9e-1msb-uqa6"},{"vulnerability":"VCID-nyak-4rzf-9fhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:8.0.0-4~bpo8%252B1"}],"aliases":["CVE-2015-5162","GHSA-g2j5-7vgx-6xrx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zy9m-d25c-5uga"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55803?format=json","vulnerability_id":"VCID-ggmm-svqw-bkhv","summary":"OpenStack Cinder file disclosure in image convert\nOpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1206.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1206.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1851.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1851.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1851","reference_id":"","reference_type":"","scores":[{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65558","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65542","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65557","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65545","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65509","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65532","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65521","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65427","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65503","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65476","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65569","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66586","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66467","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66442","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66486","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66531","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66504","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66525","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1851"},{"reference_url":"https://bugs.launchpad.net/cinder/+bug/1415087","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/cinder/+bug/1415087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1851"},{"reference_url":"https://github.com/openstack/cinder","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder"},{"reference_url":"https://github.com/openstack/cinder/commit/9634b76ba5886d6c2f2128d550cb005dabf48213","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/9634b76ba5886d6c2f2128d550cb005dabf48213"},{"reference_url":"https://github.com/openstack/cinder/commit/b1143ee45323e63b965a3710f9063e65b252c978","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/b1143ee45323e63b965a3710f9063e65b252c978"},{"reference_url":"https://github.com/openstack/cinder/commit/bc0549e08b010edb863d409d80114aa78d317a61","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/bc0549e08b010edb863d409d80114aa78d317a61"},{"reference_url":"https://github.com/openstack/cinder/commit/d31c937c566005dedf41a60c6b5bd5e7b26f221b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/d31c937c566005dedf41a60c6b5bd5e7b26f221b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1851","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1851"},{"reference_url":"http://www.debian.org/security/2015/dsa-3292","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3292"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/06/13/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/06/13/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/06/17/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/06/17/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/06/17/7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/06/17/7"},{"reference_url":"http://www.ubuntu.com/usn/USN-2703-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2703-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1231817","reference_id":"1231817","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1231817"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788996","reference_id":"788996","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788996"},{"reference_url":"https://github.com/advisories/GHSA-9hcj-h2qc-689p","reference_id":"GHSA-9hcj-h2qc-689p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9hcj-h2qc-689p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1206","reference_id":"RHSA-2015:1206","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1206"},{"reference_url":"https://usn.ubuntu.com/2703-1/","reference_id":"USN-2703-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2703-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036246?format=json","purl":"pkg:deb/debian/cinder@2014.1.3-11%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7uus-f9pq-qkb5"},{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-ggmm-svqw-bkhv"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-hd9e-1msb-uqa6"},{"vulnerability":"VCID-nyak-4rzf-9fhp"},{"vulnerability":"VCID-zy9m-d25c-5uga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2014.1.3-11%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1050151?format=json","purl":"pkg:deb/debian/cinder@2:8.0.0-4~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7uus-f9pq-qkb5"},{"vulnerability":"VCID-br4q-499g-vqhg"},{"vulnerability":"VCID-h6rd-5p7q-s3gq"},{"vulnerability":"VCID-hd9e-1msb-uqa6"},{"vulnerability":"VCID-nyak-4rzf-9fhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2:8.0.0-4~bpo8%252B1"}],"aliases":["CVE-2015-1851","GHSA-9hcj-h2qc-689p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggmm-svqw-bkhv"}],"risk_score":"4.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cinder@2014.1.3-11%252Bdeb8u1"}