[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-4573Date: (C)2012-11-12   (M)2023-12-22


The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.5
Exploit Score: 8.0
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-51174
SECUNIA-51234
BID-56437
OSVDB-87248
FEDORA-2012-17901
RHSA-2012:1558
SUSE-SU-2012:1455
USN-1626-1
USN-1626-2
http://www.openwall.com/lists/oss-security/2012/11/07/6
http://www.openwall.com/lists/oss-security/2012/11/09/5
http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html
https://bugs.launchpad.net/glance/+bug/1065187
https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc
https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6
https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d
openstack-glance-sec-bypass(79895)

CPE    2
cpe:/a:openstack:folsom:2012.2
cpe:/a:openstack:essex:2012.1
CWE    1
CWE-264
OVAL    3
oval:org.secpod.oval:def:701068
oval:org.secpod.oval:def:701070
oval:org.secpod.oval:def:104320

© SecPod Technologies