CVE-2014-0162

EUVD-2022-5126
The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
openstackimage_registry_and_delivery_service_\(glance\)
2013.2
openstackimage_registry_and_delivery_service_\(glance\)
2013.2.1
openstackimage_registry_and_delivery_service_\(glance\)
2013.2.2
openstackimage_registry_and_delivery_service_\(glance\)
2013.2.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glance
bookworm
2:25.1.0-2+deb12u1
fixed
bookworm (security)
2:25.1.0-2+deb12u1
fixed
bullseye
2:21.0.0-2+deb11u1
fixed
bullseye (security)
2:21.1.0-1+deb11u2
fixed
sid
2:29.0.0-1
fixed
trixie
2:29.0.0-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glance
lucid
dne
precise
not-affected
quantal
not-affected
saucy
Fixed 1:2013.2.3-0ubuntu1.1
released
trusty
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2014-0455.html
http://www.openwall.com/lists/oss-security/2014/04/10/13
http://www.ubuntu.com/usn/USN-2193-1
https://launchpad.net/bugs/1298698
http://rhn.redhat.com/errata/RHSA-2014-0455.html
http://www.openwall.com/lists/oss-security/2014/04/10/13
http://www.ubuntu.com/usn/USN-2193-1
https://launchpad.net/bugs/1298698