CVE-2012-4573
Published: 7 November 2012
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
Notes
| Author | Note |
|---|---|
| jdstrand | Diablo (in Ubuntu 11.10) not affected per upstream also affects v2 api in Folsom+ (Ubuntu 12.10+) |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
glance Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Released
(2012.1.3+stable~20120821-120fcf-0ubuntu1.2)
|
|
| quantal |
Released
(2012.2-0ubuntu2.3)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: https://review.openstack.org/gitweb?p=openstack%2Fglance.git;a=commitdiff;h=efd7e75b1f419a52c7103c7840e24af8e5deb29d upstream: https://review.openstack.org/gitweb?p=openstack%2Fglance.git;a=commitdiff;h=90bcdc5a89e350a358cf320a03f5afe99795f6f6 upstream: https://review.openstack.org/gitweb?p=openstack/glance.git;a=patch;h=fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3 |
||
References
- https://lists.launchpad.net/openstack/msg18386.html
- https://review.openstack.org/#/c/15562/
- https://review.openstack.org/#/c/15563/
- https://ubuntu.com/security/notices/USN-1626-1
- https://review.openstack.org/#/c/15659/
- https://ubuntu.com/security/notices/USN-1626-2
- https://www.cve.org/CVERecord?id=CVE-2012-4573
- NVD
- Launchpad
- Debian