CVE-2014-0162 — Improper Input Validation in Project Glance

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection10 documents8 sources

Severity

6.0MEDIUMNVD

EPSS

0.6%

top 31.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glance Project Glance Openstack Icehouse Openstack Image Registry AND Delivery Service

Timeline

PublishedApr 27

Latest updateMay 17

Description

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages4 packages

▶NVDopenstack/image_registry_and_delivery_service4 versions+3

▶NVDopenstack/icehouserc-1

▶PyPIglance_project/glance2013.2 — 2013.2.4

▶Debianglance_project/glance< 2014.1-1+3

🔴Vulnerability Details

GHSA

OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability↗2022-05-17

▶

OSV

OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability↗2022-05-17

▶

OSV

CVE-2014-0162: The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013↗2014-04-27

▶

CVEList

CVE-2014-0162: The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013↗2014-04-27

▶

📋Vendor Advisories

Ubuntu

OpenStack Glance vulnerability↗2014-05-05

▶

Red Hat

openstack-glance: remote code execution in Glance Sheepdog backend↗2014-04-10

▶

Debian

CVE-2014-0162: glance - The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2...↗2014

▶

💬Community

Bugzilla

CVE-2014-0162 openstack-glance: remote code execution in Glance Sheepdog backend [fedora-20]↗2014-04-11

▶

Bugzilla

CVE-2014-0162 openstack-glance: remote code execution in Glance Sheepdog backend↗2014-04-08

▶