CVE-2014-9493

EPSS 0.75%

Published: 1/7/2015Modified: 4/28/2026

Description

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

Affected packages (1)

Debian/glancefrom 0, < 2014.1.3-6

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9493