Key Information

Vulnerability ID: [OSSA 2014-012] and CVE-2014-0162

Vulnerability Type: Remote Code Execution

Affected Product: Glance's Sheepdog backend

Severity:
- Glance: Critical
- Havana: Undecided
- OpenStack Security Advisory: High

Reporter: Paul McMillan

Report Date: 2014-03-28

CVE Reference: 2014-0162

Fix Status:
- Glance: Fix Released
- Havana: Fix Committed
- OpenStack Security Advisory: Fix Released

Related Patch Submission:
- https://github.com/openstack/glance/blob/9e9ce645e39d55b4da540b15b41f85bd2b4bd518/glance/store/sheepdog.py#L75

Vulnerability Description: The Sheepdog backend allows attackers to remotely execute arbitrary code under the Glance user context. The report notes that a specially crafted ID is required to trigger the injection, but there is a possibility for non-admin users to trigger the injection.

Mitigation Recommendation: The code must be rewritten to eliminate the need for . It is recommended to disable the Sheepdog backend by removing from the list in .

Fix Discussion: Includes patches for different versions (e.g., master and Havana), along with details on adjustments to test cases.
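A defensive pattern for the class of bug described above, as an added example that is not Glance's code or its released fix: reject any image ID that is not a canonical UUID, and hand the external tool an argument vector rather than a command string. The tool name `backend-cli`, the function names and both sample IDs are hypothetical or constructed, and the example assumes image IDs are expected to be lowercase UUIDs.

```python
import json
import re
import subprocess
import sys

# Canonical lowercase UUID. fullmatch() anchors both ends, so a trailing
# newline or any appended text is rejected as well.
_UUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")

BACKEND_CLI = "backend-cli"  # hypothetical placeholder for the storage tool

GOOD_ID = "6f1c2a9e-3b7d-4c58-9e21-0a4d5b6c7e8f"  # constructed sample
CRAFTED_ID = "6f1c2a9e; echo injected"            # constructed sample


def is_valid_image_id(image_id):
    """True only for a str that is exactly one canonical UUID."""
    return isinstance(image_id, str) and bool(_UUID_RE.fullmatch(image_id))


def build_argv(subcommand, image_id):
    """Return an argument vector for the backend tool, or raise ValueError.

    The ID is validated first and is then a single list element, so it is
    never concatenated into a string that a shell would parse.
    """
    if not is_valid_image_id(image_id):
        raise ValueError("image id is not a canonical UUID")
    return [BACKEND_CLI, subcommand, image_id]


def args_seen_by_child(value):
    """Pass value as one argv element with no shell; return the child's view."""
    probe = "import sys, json; print(json.dumps(sys.argv[1:]))"
    done = subprocess.run([sys.executable, "-c", probe, value],
                          capture_output=True, text=True, check=True)
    return json.loads(done.stdout)


if __name__ == "__main__":
    print(build_argv("read", GOOD_ID))
    print(is_valid_image_id(CRAFTED_ID))   # validation rejects the crafted ID
    # Even unvalidated, an argv element reaches the child as inert data.
    print(args_seen_by_child(CRAFTED_ID))
```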