Vulnerability Details : CVE-2014-0162
The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.
Products affected by CVE-2014-0162
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):2013.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:icehouse:rc-1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0162
- 0.56%: Probability of exploitation activity in the next 30 days
- ~66%: Percentile, the proportion of vulnerabilities that are scored at or below this one
CVSS scores for CVE-2014-0162
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST | |
CWE ids for CVE-2014-0162
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0162
- https://launchpad.net/bugs/1298698
  Bug #1298698 “[OSSA 2014-012] Remote Code Execution in Sheepdog ...” : Bugs : Glance
- http://www.openwall.com/lists/oss-security/2014/04/10/13
  oss-security - [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162)
- http://www.ubuntu.com/usn/USN-2193-1
  USN-2193-1: OpenStack Glance vulnerability | Ubuntu security notices
- http://rhn.redhat.com/errata/RHSA-2014-0455.html
  RHSA-2014:0455 - Security Advisory - Red Hat Customer Portal