Date: Sat, 3 Jan 2015 19:01:27 -0500 (EST)
From: cve-assign@...re.org
To: Grant Murphy <grant.murphy@...com>
cc: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: [grant.murphy@...com: CVE request for vulnerability in OpenStack Glance]

>> A vulnerability was discovered in OpenStack (see below). In order to
>> ensure full traceability, we need a CVE number assigned that we can
>> attach to further notifications. This issue is already public, although
>> an advisory was not sent yet.
>>
>> Title: Glance v2 API unrestricted path traversal
>> Reporter: Masahito Muroi (NTT)
>> Products: Glance
>> Versions: up to 2014.1.3 and 2014.2 version up to 2014.2.1
>>
>> Description: Masahito Muroi from NTT reported a vulnerability in
>> Glance. By setting a malicious image location an authenticated user can
>> download or delete any file on the Glance server for which the Glance
>> process user has access to. Only setups using the Glance V2 API are
>> affected by this flaw.
>>
>> References:
>> https://launchpad.net/bugs/1400966

Use CVE-2014-9493.

---
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]