Date: Sun, 18 Jan 2015 15:02:42 -0500 (EST) From: cve-assign@...re.org To: Tristan Cacqueray <tristan.cacqueray@...vance.com> cc: oss-security@...ts.openwall.com, cve-assign@...re.org Subject: Re: [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme On Thu, 15 Jan 2015, Tristan Cacqueray wrote: > ===================================================================================== > OSSA-2015-002: Glance v2 API unrestricted path traversal through filesystem:// scheme > ===================================================================================== > > :Date: January 15, 2015 > :CVE: Requested > > > Affects > ~~~~~~~ > - Glance: up to 2014.1.3 and 2014.2 versions up to 2014.2.1 > > > Description > ~~~~~~~~~~~ > Jin Liu from EMC reported that path traversal vulnerabilities in > Glance were not fully patched in OSSA 2014-041. By setting a malicious > image location to a filesystem:// scheme an authenticated user can > still download or delete any file on the Glance server for which the > Glance process user has access to. Only setups using the Glance V2 API > are affected by this flaw. > > > Patches > ~~~~~~~ > - https://review.openstack.org/145974 (Icehouse) > - https://review.openstack.org/145916 (Juno) > - https://review.openstack.org/145640 (Kilo) > > > Credits > ~~~~~~~ > - Jin Liu from EMC > > > References > ~~~~~~~~~~ > - https://launchpad.net/bugs/1408663 > > > Notes > ~~~~~ > - This fix was included in the kilo-1 development milestone and will be > included in future 2014.2.2 (juno) and 2014.1.4 (icehouse) releases. > - The OpenStack VMT recommends revoking all credentials stored in files > accessible by Glance as a precautionary measure. > - A CVE has been requested for this issue, the OpenStack VMT will issue an > errata with the correct CVE number assigned once this information is > available. > > -- > Tristan Cacqueray > OpenStack Vulnerability Management Team Use CVE-2015-1195. --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ