[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195521

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-9493Date: (C)2015-01-08   (M)2023-12-22


The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.5
Exploit Score: 8.0
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL
  
Reference:
BID-71688
RHSA-2015:0246
http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://bugs.launchpad.net/glance/+bug/1400966
https://security.openstack.org/ossa/OSSA-2014-041.html

CPE    1
cpe:/a:redhat:openstack:4.0
CWE    1
CWE-264

© SecPod Technologies