CVE-2015-1195

2015-01-21 19:59:56 2019-02-04 19:52:44

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Advisory	Patch	Confirmed	Link
			71976
			http://www.oracle.com/technetwork/topics/security/bullet...
			[oss-security] 20150118 Re: [OSSA 2015-002] Glance v2 AP...
			[oss-security] 20150115 [OSSA 2015-002] Glance v2 API un...
			[openstack-announce] 20150120 [OSSA 2015-002.1] Glance v...
			https://bugs.launchpad.net/ossa/+bug/1408663

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)

Related CAPEC 7 Relative Path Traversal (CAPEC-ID 139) Directory Traversal (CAPEC-ID 213) File System Function Injection, Content Based (CAPEC-ID 23) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) Manipulating Input to File System Calls (CAPEC-ID 76) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79)

Related CVE(s) 1 CVE-2014-9493 CVSS 5.5