Openstack · Openstack Image Registry/Delivery Service · CVE-2013-4354
**Name of the Vulnerable Software and Affected Versions**
OpenStack Image Registry and Delivery Service (Glance) versions prior to 2.1
**Description**
The issue allows local users to more easily inject images into arbitrary tenants by adding the tenant as a member of the image. This is due to a problem in the API.
**Recommendations**
For versions prior to 2.1, update to version 2.1 or later to resolve the issue.