{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-23T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-06T18:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2015:0246", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/glance/+bug/1400966"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.openstack.org/ossa/OSSA-2014-041.html"}, {"name": "71688", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71688"}, {"name": "[openstack-announce] 20141223 [OSSA-2014-041] Glance v2 API unrestricted path traversal", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9493", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2015:0246", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html"}, {"name": "https://bugs.launchpad.net/glance/+bug/1400966", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/glance/+bug/1400966"}, {"name": "https://security.openstack.org/ossa/OSSA-2014-041.html", "refsource": "CONFIRM", "url": "https://security.openstack.org/ossa/OSSA-2014-041.html"}, {"name": "71688", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71688"}, {"name": "[openstack-announce] 20141223 [OSSA-2014-041] Glance v2 API unrestricted path traversal", "refsource": "MLIST", "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:47:41.357Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:0246", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/glance/+bug/1400966"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.openstack.org/ossa/OSSA-2014-041.html"}, {"name": "71688", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71688"}, {"name": "[openstack-announce] 20141223 [OSSA-2014-041] Glance v2 API unrestricted path traversal", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9493", "datePublished": "2015-01-07T19:00:00.000Z", "dateReserved": "2015-01-03T00:00:00.000Z", "dateUpdated": "2024-08-06T13:47:41.357Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1802FDB8-C919-4D5E-A8AD-4C5B72525090", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "5A5066B6-4A70-478B-9B88-6A64CA1DD9B0", "versionEndExcluding": "2014.1.4", "versionStartIncluding": "2014.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*", "matchCriteriaId": "46F3833A-DC9F-4E59-96FD-90798863AFEA", "versionEndExcluding": "2014.2.2", "versionStartIncluding": "2014.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property."}, {"lang": "es", "value": "La API V2 en OpenStack Image Registry and Delivery Service (Glance) anterior a 2014.2.2 y 2014.1.4 permite a usuarios remotos autenticados leer o eliminar ficheros a trav\u00e9s de un nombre de ruta completo en un fichero: URL en la propiedad de la localizaci\u00f3n de im\u00e1genes."}], "id": "CVE-2014-9493", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-07T19:59:02.573", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/71688"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/glance/+bug/1400966"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2014-041.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/71688"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/glance/+bug/1400966"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2014-041.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:0246", "cpe": "cpe:/a:redhat:openstack:4::el6", "package": "openstack-glance-0:2013.2.4-3.el6ost", "product_name": "OpenStack 4 for RHEL 6", "release_date": "2015-02-19T00:00:00Z"}, {"advisory": "RHSA-2015:0246", "cpe": "cpe:/a:redhat:openstack:5::el6", "package": "openstack-glance-0:2014.1.3-4.el6ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date": "2015-02-19T00:00:00Z"}, {"advisory": "RHSA-2015:0246", "cpe": "cpe:/a:redhat:openstack:5::el7", "package": "openstack-glance-0:2014.1.3-4.el7ost", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date": "2015-02-19T00:00:00Z"}], "bugzilla": {"description": "openstack-glance: unrestricted path traversal flaw", "id": "1174474", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174474"}, "csaw": false, "cvss": {"cvss_base_score": "5.5", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "status": "verified"}, "cwe": "CWE-22", "details": ["The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.", "It was discovered that an authenticated user could use a path traversal flaw in glance to download or delete any file on the glance server that is accessible to the glance process user. Note that only setups using the OpenStack Image V2 API were affected by this flaw."], "mitigation": {"lang": "en:us", "value": "diff --git a/etc/policy.json b/etc/policy.json\nindex 325f00b..a797f12 100644\n--- a/etc/policy.json\n+++ b/etc/policy.json\n@@ -13,9 +13,9 @@\n\"download_image\": \"\",\n\"upload_image\": \"\",\n- \"delete_image_location\": \"\",\n- \"get_image_location\": \"\",\n- \"set_image_location\": \"\",\n+ \"delete_image_location\": \"role:admin\",\n+ \"get_image_location\": \"role:admin\",\n+ \"set_image_location\": \"role:admin\",\n\"add_member\": \"\",\n\"delete_member\": \"\","}, "name": "CVE-2014-9493", "package_state": [{"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Affected", "package_name": "openstack-glance", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}], "public_date": "2014-12-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-9493\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9493"], "threat_severity": "Important"}

{}