PT-2012-5483 · Openstack · Openstack Glance

Gabe Westmaas

·

Publicado

2012-11-11

·

Atualizado

2022-05-17

·

CVE-2012-4573

CVSS v2.0

5.5

Média

VetorAV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions OpenStack Glance versions 2012.1 through 2012.2
Description The issue allows remote authenticated users to delete arbitrary non-protected images via an image deletion request to the v1 API endpoint.
Recommendations For versions 2012.1 and 2012.2, consider restricting access to the v1 API endpoint to prevent unauthorized image deletion until a fix is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2012-4573
GHSA-6RRM-XXVH-7R87
PYSEC-2012-29
RHSA-2012:1558

Produtos afetados

Openstack Glance