Improper input validation in Openstack Image_registry_and_delivery_service_\(glance\)

CVE-2013-4354

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (34.5th percentile) — read the EPSS interpretation.

Affected products

Openstack Image_registry_and_delivery_service_\(glance\)
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

[oss-security] 20130919 Re: OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354) (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)
[oss-security] 20130919 OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354) (mailing-list, x_refsource_MLIST)