Debian Glance vulnerabilities
27 known vulnerabilities affecting debian/glance.
Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 16, LOW 10
Vulnerabilities
Page 2 of 2
CVE-2014-9684 | LOW | CVSS 4.0 | 2014
CVE-2014-9684 [MEDIUM]: glance
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.
Scope: local
b
debian
CVE-2013-0212 | MEDIUM | CVSS 4.0 | fixed in glance 2012.1.1-4 (bookworm) | 2013
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, which allows remote authenticated users to obtain sensitive information by reading the error messages.
Scope: local
bookworm: resolved
debian
CVE-2013-1840 | LOW | CVSS 3.5 | fixed in glance 2012.1.1-5 (bookworm) | 2013
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
Scope: local
bookworm: resolved (fixed in 2012.1.1-5)
bullseye: resolved (fixed in 2012.1.1-5)
forky
debian
CVE-2013-4428 | LOW | CVSS 3.5 | fixed in glance 2013.2-1 (bookworm) | 2013
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.
Scope: local
bookworm: resolved (fixed in 2013.2-1)
bullseye: res
debian
CVE-2013-4354 | LOW | CVSS 2.1 | 2013
The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2012-5482 | MEDIUM | CVSS 5.5 | fixed in glance 2012.1.1-3 (bookworm) | 2012
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
Scope: local
bookworm: resolved (fixed in 2012.1.1-3)
bullseye: resolved (fixed in 2012.1.1-3)
forky: resol
debian
CVE-2012-4573 | MEDIUM | CVSS 5.5 | fixed in glance 2012.1.1-2 (bookworm) | 2012
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
Scope: local
bookworm: resolved (fixed in 2012.1.1-2)
bullseye: resolved (fixed in 2012.1.1-2)
forky: resolved (fixed in 2012.1.1-2)
sid: res
debian