Vulnerability in Openstack Essex
CVE-2012-4573
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
EPSS: 0.008 (75.1th percentile) — read the EPSS interpretation.
Affected products
- Openstack Essex — versions 2012.1
- Openstack Folsom — versions 2012.2
- Openstack Image_registry_and_delivery_service_\(glance\)
- N/a — versions n/a
Weakness classification (CWE)
References
- 51174 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 51234 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- USN-1626-1 (x_refsource_UBUNTU, vendor-advisory)
- RHSA-2012:1558 (x_refsource_REDHAT, vendor-advisory)
- 56437 (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM)
- FEDORA-2012-17901 (x_refsource_FEDORA, vendor-advisory)
- [oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) (mailing-list, x_refsource_MLIST)
- [oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1 (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_MISC)