Lucene search
UbuntuUSN-1626-1HistoryNov 08, 2012 - 12:00 a.m.
Glance vulnerability
2012-11-0800:00:00
ubuntu.com
37
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
AI Score
6.3
Confidence
Low
EPSS
0.004
Percentile
73.3%
Releases
- Ubuntu 12.10
- Ubuntu 12.04
Packages
- glance - OpenStack Image Registry and Delivery Service
Details
Gabe Westmaas discovered that Glance did not always properly enforce access
controls when deleting images. An authenticated user could delete arbitrary
images by using the v1 API under certain circumstances.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 12.10 | noarch | python-glance | < 2012.2-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | glance | < 2012.2-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | glance-api | < 2012.2-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | glance-client | < 2012.2-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | glance-common | < 2012.2-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | glance-registry | < 2012.2-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | python-glance-doc | < 2012.2-0ubuntu2.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | python-glance | < 2012.1.3+stable~20120821-120fcf-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | glance | < 2012.1.3+stable~20120821-120fcf-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | glance-api | < 2012.1.3+stable~20120821-120fcf-0ubuntu1.2 | UNKNOWN |
References
Related
openvas
openvas
Ubuntu Update for glance USN-1626-1
2012-11-09 00:00:00
Ubuntu Update for glance USN-1626-2
2012-11-15 00:00:00
Ubuntu: Security Advisory (USN-1626-1)
2012-11-09 00:00:00
securityvulns
securityvulns
[USN-1626-1] Glance vulnerability
2012-11-09 00:00:00
Glance unauthorized images deletion
2012-11-09 00:00:00
nessus
nessus
Ubuntu 12.10 : glance vulnerability (USN-1626-2)
2012-11-12 00:00:00
Ubuntu 12.04 LTS / 12.10 : glance vulnerability (USN-1626-1)
2012-11-09 00:00:00
Fedora 18 : openstack-glance-2012.2-3.fc18 (2012-17901)
2012-11-14 00:00:00
redhat
redhat
(RHSA-2012:1558) Low: openstack-glance security update
2012-12-10 00:00:00
ubuntu
ubuntu
Glance vulnerability
2012-11-09 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 08:51:21
suse
suse
Security update for openstack-glance (important)
2012-11-08 18:08:45
prion
prion
Cross site request forgery (csrf)
2012-11-11 13:00:00
Cross site request forgery (csrf)
2012-11-11 13:00:00
github
github
OpenStack Glance arbitrary deletion of non-protected images
2022-05-17 01:39:26
OpenStack Glance arbitrary deletion of non-protected images
2022-05-17 01:41:54
cvelist
cvelist
CVE-2012-4573
2012-11-11 11:00:00
CVE-2012-5482
2012-11-11 11:00:00
nvd
nvd
CVE-2012-4573
2012-11-11 13:00:58
CVE-2012-5482
2012-11-11 13:00:59
cve
cve
CVE-2012-4573
2012-11-11 13:00:58
CVE-2012-5482
2012-11-11 13:00:59
debiancve
debiancve
CVE-2012-5482
2012-11-11 13:00:59
CVE-2012-4573
2012-11-11 13:00:58
osv
osv
OpenStack Glance arbitrary deletion of non-protected images
2022-05-17 01:39:26
OpenStack Glance arbitrary deletion of non-protected images
2022-05-17 01:41:54
ubuntucve
ubuntucve
CVE-2012-5482
2012-11-11 00:00:00
CVE-2012-4573
2012-11-07 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: openstack-glance-2012.2-3.fc18
2012-11-14 02:07:17
[SECURITY] Fedora 17 Update: openstack-glance-2012.1.2-2.fc17
2012-11-21 04:05:54
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
AI Score
6.3
Confidence
Low
EPSS
0.004
Percentile
73.3%
Related for USN-1626-1