CVE-2013-4428
Published: 2013-10-27
Severity: low, 3.5 (CVSS 3.1)
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | glance | < glance 2013.2-1 (bookworm) | glance 2013.2-1 (bookworm) |
| glance_project | glance | >= 0 < 2013.2-1 | 2013.2-1 |
| glance_project | glance | >= 0 < 2013.2-1 | 2013.2-1 |
| glance_project | glance | >= 0 < 2013.2-1 | 2013.2-1 |
| glance_project | glance | >= 0 < 2013.2-1 | 2013.2-1 |
| openstack | glance | — | — |
| openstack | glance | 2012.2 – 2012.2.4 | — |
| openstack | glance | >= 2013.1 < 2013.1.4 | 2013.1.4 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
| osv | 3.5 | LOW | — |