Openstack · Openstack Image Registry/Delivery Service · CVE-2013-4428
**Name of the Vulnerable Software and Affected Versions**
OpenStack Image Registry and Delivery Service (Glance) versions Folsom through Grizzly before 2013.1.4
OpenStack Image Registry and Delivery Service (Glance) version Havana before 2013.2
**Description**
The issue allows remote authenticated users to read otherwise restricted images via an image UUID, due to improper access restriction to cached images when the download image policy is configured.
**Recommendations**
For OpenStack Image Registry and Delivery Service (Glance) versions Folsom through Grizzly before 2013.1.4, update to version 2013.1.4 or later.
For OpenStack Image Registry and Delivery Service (Glance) version Havana before 2013.2, update to version 2013.2 or later.