CVE-2014-9493

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):*:*:*:*:*:*:*:*

Information

Published : 2015-01-07 11:59

Updated : 2019-02-01 10:09


NVD link : CVE-2014-9493

Mitre link : CVE-2014-9493


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

openstack

  • image_registry_and_delivery_service_\(glance\)

redhat

  • openstack