NVD

Id
36184  
Name
CVE-2014-9493  
Description
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.  
Reject
 
CVSS Version
2  
CVSS Score
5.5  
Severity
Medium  
CVSS Base Score
5.5  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:N/A:P)  
Pub Date
2017-01-19  
Published
2015-01-07  
Modified Date
2016-12-07  
Seq
2014-9493  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
184890 36184 CVE-2014-9493 [openstack-announce] 20141223 [OSSA-2014-041] Glance v2 API unrestricted path traversal  View
184891 36184 CVE-2014-9493 RHSA-2015:0246  View
184892 36184 CVE-2014-9493 http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html  View
184893 36184 CVE-2014-9493 71688  View
184894 36184 CVE-2014-9493 https://bugs.launchpad.net/glance/+bug/1400966  View
184895 36184 CVE-2014-9493 https://security.openstack.org/ossa/OSSA-2014-041.html  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
18664 JVNDB-2014-007539 OpenStack Image Registry and Delivery Service の V2 API における任意のファイルを読まれる脆弱性 OpenStack Image Registry and Delivery Service (Glance) の V2 API には、任意のファイルを読まれる、または削除される脆弱性が存在します。 CVE-2014-9493 76786 CVE-2014-9493 36184 5.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007539.html 2014-12-10 2015-05-25 View