Vulnerability in Openstack Essex
CVE-2012-5482
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete…
EPSS: 0.014 (80.8th percentile) — read the EPSS interpretation.
Affected products
- Openstack Essex — versions 2012.1
- Openstack Folsom — versions 2012.2
- Openstack Image_registry_and_delivery_service_\(glance\)
- N/a — versions n/a
Weakness classification (CWE)
References
- 51174 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- [oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM)
- 56437 (vdb-entry, x_refsource_BID)
- glance-v2api-security-bypass(80019) (vdb-entry, x_refsource_XF)
- FEDORA-2012-17901 (x_refsource_FEDORA, vendor-advisory)
- [oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) (mailing-list, x_refsource_MLIST)
- [oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1 (mailing-list, x_refsource_MLIST)
- 87248 (x_refsource_OSVDB, vdb-entry)