{"id":"CVE-2015-8234","details":"The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.","aliases":["GHSA-wmhw-fvg9-87fc","PYSEC-2017-143"],"modified":"2026-04-10T03:45:29.879174Z","published":"2017-03-29T14:59:00Z","references":[{"type":"ADVISORY","url":"http://seclists.org/oss-sec/2015/q4/303"},{"type":"ADVISORY","url":"https://bugs.launchpad.net/glance/+bug/1516031"},{"type":"ADVISORY","url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0061"},{"type":"ARTICLE","url":"http://seclists.org/oss-sec/2015/q4/303"},{"type":"FIX","url":"https://bugs.launchpad.net/glance/+bug/1516031"},{"type":"REPORT","url":"https://bugs.launchpad.net/glance/+bug/1516031"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}