CVE-2014-9493
EPSS 0.75%
Description
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
How to fix CVE-2014-9493
To remediate CVE-2014-9493, upgrade the affected package to a fixed version below.
- Debian/glance: upgrade to 2014.1.3-6 or later
Is CVE-2014-9493 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/glance: from 0, < 2014.1.3-6