CVE-2014-9493

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-01-07 19:59

Updated : 2024-02-28 12:20


NVD link : CVE-2014-9493

Mitre link : CVE-2014-9493

CVE.ORG link : CVE-2014-9493


JSON object : View

Products Affected

openstack

  • image_registry_and_delivery_service_\(glance\)

redhat

  • openstack
CWE
CWE-264

Permissions, Privileges, and Access Controls