CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2014-9493 – openstack-glance: unrestricted path traversal flaw
https://notcve.org/view.php?id=CVE-2014-9493
07 Jan 2015 — The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. La API V2 en OpenStack Image Registry and Delivery Service (Glance) anterior a 2014.2.2 y 2014.1.4 permite a usuarios remotos autenticados leer o eliminar ficheros a través de un nombre de ruta completo en un fichero: URL en la propiedad de la localización de imágenes. It was di... • http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-264: Permissions, Privileges, and Access Controls •