The V2 API in OpenStack Image Registry and Delivery Service (Glance) prior to 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat openstack 5.0 |
||
redhat openstack 4.0 |
||
openstack image registry and delivery service \\(glance\\) |