Arbitrary Code Execution

2019-01-1509:01:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

JSON

openstack-glance is vulnerable to arbitrary code execution attacks. The vulnerability exists as the Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.

CPENameOperatorVersion
openstack-glanceeq2013.2.1__3.el6ost
openstack-glanceeq2013.1.5__1.el6ost
openstack-glanceeq2012.2.1__5.el6ost
openstack-glanceeq2013.1.4__1.el6ost
openstack-glanceeq2013.1__3.el6ost
openstack-glanceeq2013.1.4__2.el6ost
openstack-glanceeq2012.1.2__2.el6
openstack-glanceeq2012.2.3__3.el6ost
openstack-glanceeq2012.2.1__4.el6ost
openstack-glanceeq2012.2.3__9.el6ost

Name	Operator	Version
openstack-glance	eq	2013.2.1__3.el6ost
openstack-glance	eq	2013.1.5__1.el6ost
openstack-glance	eq	2012.2.1__5.el6ost
openstack-glance	eq	2013.1.4__1.el6ost
openstack-glance	eq	2013.1__3.el6ost
openstack-glance	eq	2013.1.4__2.el6ost
openstack-glance	eq	2012.1.2__2.el6
openstack-glance	eq	2012.2.3__3.el6ost
openstack-glance	eq	2012.2.1__4.el6ost
openstack-glance	eq	2012.2.3__9.el6ost