OpenStack Image Registry Vulnerability in Glance Affects Multiple Tenants
CVE-2013-4354
Currently unrated
Key Information:
- Vendor
- Openstack
- Vendor
- CVE Published:
- 23 November 2013
Summary
A vulnerability exists in the OpenStack Image Registry and Delivery Service (Glance) prior to version 2.1 that permits local users to inject images into arbitrary tenant accounts. This occurs due to the software allowing the addition of a tenant as a member of any image, thereby compromising the data integrity and confidentiality of the tenant's images.
References
Timeline
Vulnerability published
Vulnerability Reserved