Remote Code Execution Vulnerability in OpenStack Image Registry by Red Hat
CVE-2014-0162

Currently unrated

Key Information:

Vendor: Openstack
Status: Image Registry And Delivery Service \(glance\); Icehouse
Vendor: CVE Published:; 27 April 2014

Summary

The Sheepdog backend in the OpenStack Image Registry and Delivery Service (Glance) versions 2013.2 before 2013.2.4 and Icehouse before icehouse-rc2 is susceptible to remote code execution. This issue arises when remote authenticated users, who have the permissions to insert or modify an image, exploit a crafted location to execute arbitrary commands. This vulnerability highlights the importance of ensuring that appropriate access controls and validations are in place to protect against unauthorized command execution.

References

http://www.ubuntu.com/usn/USN-2193-1

vendor-advisoryx_refsource_UBUNTU

https://launchpad.net/bugs/1298698

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2014/04/10/13

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Apr 27, 2014
Vulnerability Reserved
Dec 3, 2013