MEDIUM

GHSA-r7pj-rvwg-vxhr

OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability

Details

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / glance

Introduced in: 2013.2 Fixed in: 2013.2.4

Fix pip install --upgrade 'glance>=2013.2.4'

References

https://nvd.nist.gov/vuln/detail/CVE-2014-0162 [ADVISORY]
https://access.redhat.com/errata/RHSA-2014:0455 [WEB]
https://access.redhat.com/security/cve/CVE-2014-0162 [WEB]
https://bugzilla.redhat.com/show_bug.cgi?id=1085163 [WEB]
https://launchpad.net/bugs/1298698 [WEB]
https://opendev.org/openstack/glance [PACKAGE]
http://rhn.redhat.com/errata/RHSA-2014-0455.html [WEB]
http://www.openwall.com/lists/oss-security/2014/04/10/13 [WEB]
http://www.ubuntu.com/usn/USN-2193-1 [WEB]