Remote Authentication Bypass in OpenStack Glance by OpenStack
CVE-2012-5482

Currently unrated

Key Information:

Vendor: Openstack
Status: Image Registry And Delivery Service \(glance\); Essex; Folsom
Vendor: CVE Published:; 11 November 2012

Summary

A security flaw in the v2 API of OpenStack Glance allows remote authenticated users to delete arbitrary non-protected images. This vulnerability arises from an incomplete fix for a prior issue, CVE-2012-4573. As a result, proper protections are not enforced for image deletion requests, which poses a risk for data integrity and security within the OpenStack ecosystem.

References

http://secunia.com/advisories/51174

third-party-advisoryx_refsource_SECUNIA

https://github.com/openstack/glance/commit/b591304b8980d8...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2012/11/08/2

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Nov 11, 2012
Vulnerability Reserved
Oct 24, 2012