Authentication Bypass in OpenStack Glance by Rackspace
CVE-2012-4573

Currently unrated

Key Information:

Vendor: Openstack
Status: Image Registry And Delivery Service \(glance\); Essex; Folsom
Vendor: CVE Published:; 11 November 2012

Summary

The v1 API of OpenStack Glance allows remote authenticated users to delete arbitrary non-protected images through an unauthorized image deletion request. This vulnerability poses a significant security risk as it permits users to remove images that should be safeguarded against deletion. This behavior is distinct from other vulnerabilities affecting the same platform, highlighting the need for diligent security practices and updates to mitigate the risks associated with misuse.

References

http://secunia.com/advisories/51174

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/51234

third-party-advisoryx_refsource_SECUNIA

http://www.ubuntu.com/usn/USN-1626-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Nov 11, 2012
Vulnerability Reserved
Aug 21, 2012