Lucene search
PRIOn knowledge basePRION:CVE-2013-4428HistoryOct 27, 2013 - 12:55 a.m.
Design/Logic Flaw
2013-10-2700:55:00
PRIOn knowledge base
www.prio-n.com
1
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 13.04 | |
| ubuntu_linux | eq | 12.10 | |
| glance | ge | 2012.2 | |
| glance | le | 2012.2.4 | |
| glance | ge | 2013.1 | |
| glance | lt | 2013.1.4 | |
| glance | eq | 2013.2 milestone1 | |
| glance | eq | 2013.2 milestone2 | |
| glance | eq | 2013.2 milestone3 |
References
rhn.redhat.com/errata/RHSA-2013-1525.html
www.openwall.com/lists/oss-security/2013/10/15/8
www.openwall.com/lists/oss-security/2013/10/16/9
www.securityfocus.com/bid/63159
www.ubuntu.com/usn/USN-2003-1
bugs.launchpad.net/glance/+bug/1235226
bugs.launchpad.net/glance/+bug/1235378
launchpad.net/glance/+milestone/2013.1.4
launchpad.net/glance/+milestone/2013.2
Related
cve
cve
CVE-2013-4428
2013-10-27 00:55:03
openvas
openvas
Ubuntu Update for glance USN-2003-1
2013-10-29 00:00:00
Ubuntu: Security Advisory (USN-2003-1)
2013-10-29 00:00:00
nvd
nvd
CVE-2013-4428
2013-10-27 00:55:03
debiancve
debiancve
CVE-2013-4428
2013-10-27 00:55:03
ubuntu
ubuntu
Glance vulnerability
2013-10-23 00:00:00
securityvulns
securityvulns
[USN-2003-1] Glance vulnerability
2013-10-28 00:00:00
OpenStack multiple security vulnerabilities
2013-12-23 00:00:00
nessus
nessus
Ubuntu 12.10 / 13.04 : glance vulnerability (USN-2003-1)
2013-10-24 00:00:00
veracode
veracode
Bypass Access Restriction
2019-01-15 09:01:22
redhat
redhat
(RHSA-2013:1525) Moderate: openstack-glance security and bug fix update
2013-11-18 00:00:00
cvelist
cvelist
CVE-2013-4428
2013-10-27 00:00:00
ubuntucve
ubuntucve
CVE-2013-4428
2013-10-16 00:00:00