Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9493


Vulnerability Score 5.5 5.5
CVE Id CVE-2014-9493
Last Modified 25 Feb 2015 09:59:28
Published 07 Jan 2015 02:59:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE



The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

Vulnerable Systems


  • Openstack Image Registry And Delivery Service %28glance%29 2014.1.3

  • Openstack Image Registry And Delivery Service %28glance%29 2014.2.1



MLIST - [openstack-announce] 20141223 [OSSA-2014-041] Glance v2 API unrestricted path traversal

REDHAT - RHSA-2015:0246

Last Updated: 27 May 2016 11:07:28