PT-2012-5993 · Openstack · Openstack Glance

Mark Washenberger

Published

2012-11-11

Updated

2022-05-17

CVE-2012-5482

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenStack Glance versions 2012.1 through 2012.2

Description The issue allows remote authenticated users to delete arbitrary non-protected images via an image deletion request to the v2 API. This is due to an incomplete fix for a previous issue.

Recommendations For versions 2012.1 and 2012.2, consider restricting access to the image deletion functionality in the v2 API until a complete fix is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-5482

GHSA-VWR9-9F8V-VP5M

PYSEC-2012-30

Affected Products

Openstack Glance

PT-2012-5993 · Openstack · Openstack Glance

CVE-2012-5482

Weakness Enumeration

Related Identifiers

Affected Products

References · 22