| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.0 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, has been found in OpenStack icehouse Rc-1. Affected is an unknown function of the component Registry. The manipulation leads to input validation. This vulnerability is uniquely identified as CVE-2014-0162. No exploit exists. It is advisable to upgrade the affected component.
Details
A vulnerability was found in OpenStack icehouse Rc-1 (Cloud Software). It has been rated as critical. This issue affects an unknown functionality of the component Registry. The manipulation with an unknown input leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.
The weakness was disclosed 04/27/2014 (Website). The advisory is shared at launchpad.net. The identification of this vulnerability is CVE-2014-0162 since 12/03/2013. The attack may be initiated remotely. The successful exploitation needs a simple authentication. Neither technical details nor an exploit are publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 73972 (Fedora 20 : openstack-glance-2013.2.3-3.fc20 (2014-5198)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 195471 (Ubuntu Security Notification for OpenStack Glance Vulnerability (USN-2193-1)).
Upgrading to version Rc-1 eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (92405), Tenable (73972), SecurityFocus (BID 65507†) and Vulnerability Center (SBV-44451†). The entry VDB-66386 is pretty similar. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.openstack.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.3VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 73972
Nessus Name: Fedora 20 : openstack-glance-2013.2.3-3.fc20 (2014-5198)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 867735
OpenVAS Name: Fedora Update for openstack-glance FEDORA-2014-5198
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: icehouse Rc-1
Timeline
12/03/2013 🔍01/31/2014 🔍
04/10/2014 🔍
04/27/2014 🔍
04/27/2014 🔍
05/12/2014 🔍
05/13/2014 🔍
03/25/2015 🔍
05/12/2026 🔍
Sources
Vendor: openstack.orgAdvisory: USN-2193-1
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-0162 (🔍)
GCVE (CVE): GCVE-0-2014-0162
GCVE (VulDB): GCVE-100-69497
OVAL: 🔍
X-Force: 92405
SecurityFocus: 65507 - OpenStack Glance Information Disclosure Vulnerability
Vulnerability Center: 44451 - OpenStack Glance and Icehouse Remote Code Execution in the Sheepdog Backend via a Crafted Location, Medium
See also: 🔍
Entry
Created: 03/25/2015 16:45Updated: 05/12/2026 02:06
Changes: 03/25/2015 16:45 (69), 05/27/2017 23:12 (4), 03/15/2022 16:03 (3), 03/15/2022 16:09 (1), 03/15/2022 16:16 (1), 12/22/2024 07:27 (18), 05/12/2026 02:06 (1)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.