CVE-2014-9493
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
Date published : 2015-01-07
http://www.securityfocus.com/bid/71688
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html