CVE-2012-5482Project Glance vulnerability

11 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
1.4%
top 19.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Glance Project GlanceOpenstack EssexOpenstack Folsom
Timeline
PublishedNov 11
Latest updateMay 17

Description

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages4 packages

NVDopenstack/essex2012.1
NVDopenstack/folsom2012.2
PyPIglance_project/glance< 11.0.0a0+3
Debianglance_project/glance< 2012.1.1-3+3

🔴Vulnerability Details

6
GHSA
OpenStack Glance arbitrary deletion of non-protected images2022-05-17
OSV
OpenStack Glance arbitrary deletion of non-protected images2022-05-17
GHSA
OpenStack Glance arbitrary deletion of non-protected images2022-05-17
OSV
CVE-2012-5482: The v2 API in OpenStack Glance Grizzly, Folsom (20122012-11-11
CVEList
CVE-2012-5482: The v2 API in OpenStack Glance Grizzly, Folsom (20122012-11-11

📋Vendor Advisories

2
Red Hat
OpenStack: Glance Authentication bypass for image deletion2012-11-07
Debian
CVE-2012-5482: glance - The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allo...2012

💬Community

2
Bugzilla
CVE-2012-4573, CVE-2012-5482 OpenStack: Glance Authentication bypass for image deletion [fedora-all]2012-11-08
Bugzilla
CVE-2012-4573, CVE-2012-5482 OpenStack: Glance Authentication bypass for image deletion [epel-6]2012-11-08
CVE-2012-5482 — Glance Project Glance vulnerability | cvebase