CVE-2014-0162 – glance

Package

Manager: pip
Name: glance
Vulnerable Version: >=2013.2 <2013.2.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00557 pctl0.67169

Details

OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.

Metadata

Created: 2022-05-17T04:42:42Z
Modified: 2023-02-08T19:59:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r7pj-rvwg-vxhr/GHSA-r7pj-rvwg-vxhr.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-r7pj-rvwg-vxhr
Finding: F184
Auto approve: 1