Title: Glance v2 API unrestricted path traversal through filesystem:// scheme
Reporter: Jin Liu (EMC)
Versions: 2014.1 releases up to and including 2014.1.3, and 2014.2 releases up to and including 2014.2.1
Jin Liu from EMC reported that the path traversal vulnerabilities in Glance addressed by OSSA 2014-041 were not fully patched. By setting a malicious image location with the filesystem:// scheme, which the filesystem store accepts alongside file:// but which the earlier fix did not cover, an authenticated user can still download or delete any file on the Glance server that the Glance process user can read or delete. Only deployments that expose the Glance v2 API are affected by this flaw.
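The two checks a practitioner would want at this point, shown as an added example that is not Glance's or glance_store's own code (the upstream patch lives in those projects; this is an independent illustration of the same idea). It assumes a constructed data directory of /var/lib/glance/images and the two scheme names, file and filesystem, that the filesystem store serves; LOCAL_FS_SCHEMES, validate_external_location and resolve_under_datadir are names chosen here. The first function rejects local-disk schemes at the API boundary, which is where an allow-list that only knew file:// left the gap this advisory describes; the second confines any local path to the data directory so a traversal or symlink cannot reach /etc/passwd even if a local location did get stored.

```python
import os
from urllib.parse import urlparse, unquote

# Both scheme names are served by the filesystem store. A check that only
# knows "file" lets "filesystem" through, which is the gap described above.
LOCAL_FS_SCHEMES = frozenset({"file", "filesystem"})

# Constructed for this example: the only directory the store may touch.
DATADIR = "/var/lib/glance/images"


def validate_external_location(uri):
    """Accept or reject an image location supplied by an API user.

    A user may legitimately point an image at an external store
    (http://, swift://, ...), but never at the local disk of the Glance
    server. Returns True if the location may be stored, False otherwise.
    """
    if not uri:
        return False
    # urlparse() already lower-cases the scheme; lower() is belt and braces.
    scheme = urlparse(uri).scheme.lower()
    return scheme not in LOCAL_FS_SCHEMES


def resolve_under_datadir(uri, datadir=DATADIR):
    """Map a local-filesystem location to a path the store may open.

    Second line of defence at read or delete time: even if a file:// or
    filesystem:// location reached the database, it is only honoured when
    the resolved path lies strictly inside datadir. Returns the path, or
    None when the location is not local or escapes datadir.
    """
    parsed = urlparse(uri)
    if parsed.scheme.lower() not in LOCAL_FS_SCHEMES:
        return None
    # "file://etc/passwd" parses with netloc "etc" and path "/passwd";
    # joining them keeps such input from turning into a different path.
    raw = unquote(parsed.netloc + parsed.path)
    # realpath() collapses ".", ".." and symlinks, so neither a traversal
    # sequence (plain or percent-encoded) nor a symlink planted in datadir
    # can defeat the prefix check below.
    candidate = os.path.realpath(raw)
    base = os.path.realpath(datadir)
    if not candidate.startswith(base + os.sep):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample locations: one legitimate image path, the rest
    # variations of the attack described in the advisory.
    samples = [
        "file:///var/lib/glance/images/0f1e2d3c",
        "filesystem:///etc/passwd",
        "file:///var/lib/glance/images/../../../../etc/passwd",
        "file:///var/lib/glance/images/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
        "http://images.example.com/cirros.img",
    ]
    for loc in samples:
        print("%-72s api-accepts=%-5s opens=%s" % (
            loc, validate_external_location(loc), resolve_under_datadir(loc)))
```

Both checks are needed: the boundary check keeps a user from storing a local location in the first place, and the datadir confinement protects locations the store itself generated (for example, a record edited directly in the database, or a scheme the allow-list forgot).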
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Jin Liu of EMC as the original reporter.
CVE request: http://seclists.org/oss-sec/2015/q1/124
The fix shipped for CVE-2014-9493 in openstack-glance for Red Hat Enterprise Linux OpenStack Platform 4.0 and 5.0 is complete, so those packages are not affected by this issue.
This issue did not affect the version of openstack-glance shipped with Red Hat Enterprise Linux OpenStack Platform 6.0.