PT-2014-3508 · Openstack · Openstack Image Registry/Delivery Service
Paul Mcmillan
+1
·
Published
2014-04-27
·
Updated
2023-02-13
·
CVE-2014-0162
CVSS v2.0
6.0
Medium
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenStack Image Registry and Delivery Service (Glance) versions 2013.2 before 2013.2.4
OpenStack Image Registry and Delivery Service (Glance) versions icehouse before icehouse-rc2
Description
The issue allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.
Recommendations
For OpenStack Image Registry and Delivery Service (Glance) versions 2013.2 before 2013.2.4, update to version 2013.2.4 or later.
For OpenStack Image Registry and Delivery Service (Glance) versions icehouse before icehouse-rc2, update to version icehouse-rc2 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openstack Image Registry/Delivery Service