OpenStack Image Registry Vulnerability in Glance Affects Multiple Tenants
CVE-2013-4354

Currently unrated

Key Information:

Vendor: Openstack
Status: Image Registry And Delivery Service \(glance\)
Vendor: CVE Published:; 23 November 2013

Summary

A vulnerability exists in the OpenStack Image Registry and Delivery Service (Glance) prior to version 2.1 that permits local users to inject images into arbitrary tenant accounts. This occurs due to the software allowing the addition of a tenant as a member of any image, thereby compromising the data integrity and confidentiality of the tenant's images.

References

http://www.openwall.com/lists/oss-security/2013/09/19/3

mailing-listx_refsource_MLIST

https://bugs.launchpad.net/glance/+bug/1226078

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2013/09/19/2

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Nov 23, 2013
Vulnerability Reserved
Jun 12, 2013