CVE-2013-4428
Published: 16 October 2013
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.
Notes
Author | Note |
---|---|
jdstrand | Essex (Ubuntu 12.04 LTS) does not have the download_image |
Priority
Status
Package | Release | Status |
---|---|---|
glance | upstream | Released (1:2013.2~rc2) |
glance | lucid | Does not exist |
glance | precise | Not vulnerable (code-not-present) |
glance | quantal | Released (2012.2.4-0ubuntu1.1) |
glance | raring | Released (1:2013.1.3-0ubuntu1.1) |
glance | saucy | Not vulnerable (1:2013.2~rc2-0ubuntu1) |
Patches:
upstream: https://review.openstack.org/50860 (folsom)
upstream: https://review.openstack.org/50103 (grizzly)