OpenStack Image Registry Vulnerability in Glance Affects Multiple Tenants
CVE-2013-4354

Currently unrated

Key Information:

Vendor
Openstack
Vendor
CVE Published:
23 November 2013

Summary

A vulnerability exists in the OpenStack Image Registry and Delivery Service (Glance) prior to version 2.1 that permits local users to inject images into arbitrary tenant accounts. This occurs due to the software allowing the addition of a tenant as a member of any image, thereby compromising the data integrity and confidentiality of the tenant's images.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.