History: Jan 07, 2015 - 7:59 p.m.

CVE-2014-9493

2015-01-07 19:59:02
CWE-264
web.nvd.nist.gov
Tags: cve-2014-9493, openstack, image registry, glance, api, authenticated users, file deletion, remote access

CVSS2: 5.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P

AI Score: 6.2 Medium (Confidence: Low)

EPSS: 0.005 Low (Percentile: 75.2%)

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

Affected configurations

NVD
Node
redhat openstack, Match 4.0
OR
redhat openstack, Match 5.0
Node
openstack image_registry_and_delivery_service_(glance), Range 2014.1 to 2014.1.4
OR
openstack image_registry_and_delivery_service_(glance), Range 2014.2 to 2014.2.2
