OpenStack · OpenStack Image Registry/Delivery Service · CVE-2014-9493
**Name of the Vulnerable Software and Affected Versions**
OpenStack Image Registry and Delivery Service (Glance) versions prior to 2014.2.2
OpenStack Image Registry and Delivery Service (Glance) version 2014.1.4
**Description**
The issue allows remote authenticated users to read or delete arbitrary files via a full pathname in a `file:` URL in the `image location` property. This is related to the V2 API in OpenStack Image Registry and Delivery Service (Glance).
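The input class described above can be screened with an allow-list check on user-supplied location URLs. This is an added example, not Glance's own code or its patch; the allowed scheme set, the function names and the `{"url": ..., "metadata": ...}` entry shape are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: remote stores an operator is willing to let
# API users point an image at. Local-filesystem schemes are deliberately absent.
ALLOWED_SCHEMES = frozenset({"http", "https", "swift", "rbd"})


class LocationRejected(ValueError):
    """Raised when a user-supplied image location must not be stored."""


def check_location_url(url, allowed=ALLOWED_SCHEMES):
    """Return the normalised scheme if `url` is acceptable, else raise."""
    if not isinstance(url, str) or not url.strip():
        raise LocationRejected("location URL must be a non-empty string")
    # URL schemes are case-insensitive, so "FILE:" must be treated as "file:".
    scheme = urlsplit(url.strip()).scheme.lower()
    if not scheme:
        # A bare path such as "/etc/passwd" has no scheme at all.
        raise LocationRejected("location URL has no scheme")
    if scheme not in allowed:
        raise LocationRejected(f"scheme {scheme!r} is not allowed for user-supplied locations")
    return scheme


def filter_locations(locations, allowed=ALLOWED_SCHEMES):
    """Split location entries into (accepted, rejected-with-reason)."""
    accepted, rejected = [], []
    for entry in locations:
        url = entry.get("url") if isinstance(entry, dict) else None
        try:
            check_location_url(url, allowed)
            accepted.append(entry)
        except LocationRejected as exc:
            rejected.append((url, str(exc)))
    return accepted, rejected


# Constructed sample input, not taken from a real deployment.
SAMPLE = [
    {"url": "https://images.example.org/cirros.img", "metadata": {}},
    {"url": "file:///etc/passwd", "metadata": {}},
    {"url": "FILE:/etc/passwd", "metadata": {}},
    {"url": "/var/lib/glance/images/abc", "metadata": {}},
]

if __name__ == "__main__":
    for url, reason in filter_locations(SAMPLE)[1]:
        print("rejected:", url, "->", reason)
```

An allow-list is used rather than a deny-list of `file:` so that unknown or differently cased schemes fail closed.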
**Recommendations**
For versions prior to 2014.2.2, update to version 2014.2.2 or later.
For version 2014.1.4, update to a later version.
As a temporary workaround, consider restricting access to the V2 API until a patch is available.