Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.5
CVE Id CVE-2014-9493
Last Modified 25 Feb 2015 09:59:28
Published 07 Jan 2015 02:59:02
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-9493

Summary

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

Vulnerable Systems

Application

  • OpenStack Image Registry And Delivery Service (Glance) 2014.1.3

  • OpenStack Image Registry And Delivery Service (Glance) 2014.2.1


References

CONFIRM - https://bugs.launchpad.net/glance/+bug/1400966

MLIST - [openstack-announce] 20141223 [OSSA-2014-041] Glance v2 API unrestricted path traversal

REDHAT - RHSA-2015:0246


Last Updated: 27 May 2016 11:07:28