5.5
CVE-2014-9493
- EPSS 2.77%
- Veröffentlicht 07.01.2015 19:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.77% | 0.844 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:P
|
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html
http://rhn.redhat.com/errata/RHSA-2015-0246.html
http://www.securityfocus.com/bid/71688
https://bugs.launchpad.net/glance/+bug/1400966
https://security.openstack.org/ossa/OSSA-2014-041.html