← Back

CVE-2014-9493

nvd nist
Published: Jan 7, 2015Modified: May 6, 2026

JSON object

Loading...
5.5
Vector
AV:N/AC:L/Au:S/C:P/I:N/A:P
Exploitability: 8.0 / Impact: 4.9
Source: NVD

Description

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

Affected (4)

Redhat
1 product
Openstack
Openstack
1 product
Image Registry And Delivery Service (glance)
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Openstack
Version 4.0
Openstack
Version 5.0
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Openstack
Image Registry And Delivery Service (glance)
From 2014.1 to 2014.1.4
Image Registry And Delivery Service (glance)
From 2014.2 to 2014.2.2

Related CWEs

CWE-264
CWE-264

References (12)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Issue TrackingThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.