CVE-2012-5482
published 2012-11-11CVE-2012-5482: The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an…
medium5.5CVSS 3.1
AVNACLAuSCNIPAP
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glance | < glance 2012.1.1-3 (bookworm) | glance 2012.1.1-3 (bookworm) |
| debian | glance | < glance 2012.1.1-2 (bookworm) | glance 2012.1.1-2 (bookworm) |
| glance_project | glance | < efd7e75b1f419a52c7103c7840e24af8e5deb29d | efd7e75b1f419a52c7103c7840e24af8e5deb29d |
| glance_project | glance | < 6ab0992e5472ae3f9bef0d2ced41030655d9d2bc | 6ab0992e5472ae3f9bef0d2ced41030655d9d2bc |
| glance_project | glance | >= 0 < 2012.1.1-3 | 2012.1.1-3 |
| glance_project | glance | >= 0 < 2012.1.1-2 | 2012.1.1-2 |
| glance_project | glance | >= 0 < 2012.1.1-3 | 2012.1.1-3 |
| glance_project | glance | >= 0 < 2012.1.1-2 | 2012.1.1-2 |
| glance_project | glance | >= 0 < 2012.1.1-3 | 2012.1.1-3 |
| glance_project | glance | >= 0 < 2012.1.1-2 | 2012.1.1-2 |
| glance_project | glance | >= 0 < 2012.1.1-3 | 2012.1.1-3 |
| glance_project | glance | >= 0 < 2012.1.1-2 | 2012.1.1-2 |
| glance_project | glance | >= 0 < 11.0.0a0 | 11.0.0a0 |
| glance_project | glance | >= 0 < 90bcdc5a89e350a358cf320a03f5afe99795f6f6 | 90bcdc5a89e350a358cf320a03f5afe99795f6f6 |
| openstack | essex | — | — |
| openstack | folsom | — | — |
CVSS provenance
nvd5.5MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:P
ghsa5.5MEDIUM
osv5.5MEDIUM