CVE-2013-4428

CWE-26410 documents8 sources

Severity

3.5LOW

EPSS

0.3%

top 47.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Glance Canonical Ubuntu Linux

Timeline

PublishedOct 27

Latest updateMay 14

Description

OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶NVDopenstack/glance2013.1 — 2013.1.4+2

▶Debianglance< 2013.2-1+3

Also affects: Ubuntu Linux 12.10, 13.04

Patches

Patch: launchpad.net ↗Patch: launchpad.net ↗Patch: launchpad.net ↗

🔴Vulnerability Details

GHSA

GHSA-hv7x-f537-wh3x: OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013↗2022-05-14

▶

OSV

CVE-2013-4428: OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013↗2013-10-27

▶

CVEList

CVE-2013-4428: OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013↗2013-10-27

▶

📋Vendor Advisories

Ubuntu

Glance vulnerability↗2013-10-23

▶

Red Hat

Glance: image_download policy not enforced for cached images↗2013-10-04

▶

Debian

CVE-2013-4428: glance - OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 20...↗2013

▶

💬Community

Bugzilla

CVE-2013-4428 openstack-glance: OpenStack Glance: image_download policy not enforced for cached images [fedora-all]↗2013-10-16

▶

Bugzilla

CVE-2013-4428 openstack-glance: OpenStack Glance: image_download policy not enforced for cached images [epel-6]↗2013-10-16

▶

Bugzilla

CVE-2013-4428 OpenStack Glance: image_download policy not enforced for cached images↗2013-10-16

▶