All the vulnerabilites related to openstack - image_registry_and_delivery_service_\(glance\)
cve-2014-9493
Vulnerability from cvelistv5
Published
2015-01-07 19:00
Modified
2024-08-06 13:47
Severity ?
Summary
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:41.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:0246",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/glance/+bug/1400966"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.openstack.org/ossa/OSSA-2014-041.html"
          },
          {
            "name": "71688",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71688"
          },
          {
            "name": "[openstack-announce] 20141223 [OSSA-2014-041] Glance v2 API unrestricted path traversal",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2015:0246",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/glance/+bug/1400966"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.openstack.org/ossa/OSSA-2014-041.html"
        },
        {
          "name": "71688",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71688"
        },
        {
          "name": "[openstack-announce] 20141223 [OSSA-2014-041] Glance v2 API unrestricted path traversal",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9493",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2015:0246",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html"
            },
            {
              "name": "https://bugs.launchpad.net/glance/+bug/1400966",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/glance/+bug/1400966"
            },
            {
              "name": "https://security.openstack.org/ossa/OSSA-2014-041.html",
              "refsource": "CONFIRM",
              "url": "https://security.openstack.org/ossa/OSSA-2014-041.html"
            },
            {
              "name": "71688",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71688"
            },
            {
              "name": "[openstack-announce] 20141223 [OSSA-2014-041] Glance v2 API unrestricted path traversal",
              "refsource": "MLIST",
              "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9493",
    "datePublished": "2015-01-07T19:00:00",
    "dateReserved": "2015-01-03T00:00:00",
    "dateUpdated": "2024-08-06T13:47:41.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1195
Vulnerability from cvelistv5
Published
2015-01-21 18:00
Modified
2024-08-06 04:33
Severity ?
Summary
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:33:20.821Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[openstack-announce] 20150120 [OSSA 2015-002.1] Glance v2 API unrestricted path traversal through filesystem:// scheme (CVE-2015-1195) ERRATA 1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ossa/+bug/1408663"
          },
          {
            "name": "[oss-security] 20150118 Re: [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/18/5"
          },
          {
            "name": "62169",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62169"
          },
          {
            "name": "[oss-security] 20150115 [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/15/2"
          },
          {
            "name": "71976",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71976"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[openstack-announce] 20150120 [OSSA 2015-002.1] Glance v2 API unrestricted path traversal through filesystem:// scheme (CVE-2015-1195) ERRATA 1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/ossa/+bug/1408663"
        },
        {
          "name": "[oss-security] 20150118 Re: [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/18/5"
        },
        {
          "name": "62169",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62169"
        },
        {
          "name": "[oss-security] 20150115 [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/15/2"
        },
        {
          "name": "71976",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71976"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1195",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[openstack-announce] 20150120 [OSSA 2015-002.1] Glance v2 API unrestricted path traversal through filesystem:// scheme (CVE-2015-1195) ERRATA 1",
              "refsource": "MLIST",
              "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html"
            },
            {
              "name": "https://bugs.launchpad.net/ossa/+bug/1408663",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/ossa/+bug/1408663"
            },
            {
              "name": "[oss-security] 20150118 Re: [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/18/5"
            },
            {
              "name": "62169",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62169"
            },
            {
              "name": "[oss-security] 20150115 [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/15/2"
            },
            {
              "name": "71976",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71976"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-1195",
    "datePublished": "2015-01-21T18:00:00",
    "dateReserved": "2015-01-18T00:00:00",
    "dateUpdated": "2024-08-06T04:33:20.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4354
Vulnerability from cvelistv5
Published
2013-11-23 17:00
Modified
2024-08-06 16:38
Severity ?
Summary
The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130919 Re: OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/09/19/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/glance/+bug/1226078"
          },
          {
            "name": "[oss-security] 20130919 OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/09/19/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-11-23T18:10:04",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20130919 Re: OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/09/19/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/glance/+bug/1226078"
        },
        {
          "name": "[oss-security] 20130919 OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/09/19/2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4354",
    "datePublished": "2013-11-23T17:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0162
Vulnerability from cvelistv5
Published
2014-04-27 20:00
Modified
2024-08-06 09:05
Severity ?
Summary
The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.
References
http://www.ubuntu.com/usn/USN-2193-1vendor-advisory, x_refsource_UBUNTU
https://launchpad.net/bugs/1298698x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2014/04/10/13mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2014-0455.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.016Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2193-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2193-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/bugs/1298698"
          },
          {
            "name": "[oss-security] 20140410 [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/04/10/13"
          },
          {
            "name": "RHSA-2014:0455",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-02T14:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2193-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2193-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/bugs/1298698"
        },
        {
          "name": "[oss-security] 20140410 [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/04/10/13"
        },
        {
          "name": "RHSA-2014:0455",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0162",
    "datePublished": "2014-04-27T20:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.016Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4573
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 20:42
Severity ?
Summary
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:42:54.862Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "51174",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51174"
          },
          {
            "name": "51234",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51234"
          },
          {
            "name": "USN-1626-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1626-1"
          },
          {
            "name": "RHSA-2012:1558",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
          },
          {
            "name": "56437",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56437"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
          },
          {
            "name": "FEDORA-2012-17901",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
          },
          {
            "name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
          },
          {
            "name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
          },
          {
            "name": "87248",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/87248"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
          },
          {
            "name": "USN-1626-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1626-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/glance/+bug/1065187"
          },
          {
            "name": "SUSE-SU-2012:1455",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
          },
          {
            "name": "openstack-glance-sec-bypass(79895)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "51174",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51174"
        },
        {
          "name": "51234",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51234"
        },
        {
          "name": "USN-1626-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1626-1"
        },
        {
          "name": "RHSA-2012:1558",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
        },
        {
          "name": "56437",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56437"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
        },
        {
          "name": "FEDORA-2012-17901",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
        },
        {
          "name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
        },
        {
          "name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
        },
        {
          "name": "87248",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/87248"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
        },
        {
          "name": "USN-1626-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1626-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/glance/+bug/1065187"
        },
        {
          "name": "SUSE-SU-2012:1455",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
        },
        {
          "name": "openstack-glance-sec-bypass(79895)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4573",
    "datePublished": "2012-11-11T11:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:42:54.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-5356
Vulnerability from cvelistv5
Published
2014-08-25 14:00
Modified
2024-08-06 11:41
Severity ?
Summary
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
References
http://www.openwall.com/lists/oss-security/2014/08/21/6mailing-list, x_refsource_MLIST
http://www.ubuntu.com/usn/USN-2322-1vendor-advisory, x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2014-1337.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2014-1685.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/60743third-party-advisory, x_refsource_SECUNIA
https://bugs.launchpad.net/glance/+bug/1315321x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2014-1338.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:49.236Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20140821 [OSSA 2014-028] Glance store DoS through disk space exhaustion (CVE-2014-5356)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/08/21/6"
          },
          {
            "name": "USN-2322-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2322-1"
          },
          {
            "name": "RHSA-2014:1337",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1337.html"
          },
          {
            "name": "RHSA-2014:1685",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1685.html"
          },
          {
            "name": "60743",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60743"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/glance/+bug/1315321"
          },
          {
            "name": "RHSA-2014:1338",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1338.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20140821 [OSSA 2014-028] Glance store DoS through disk space exhaustion (CVE-2014-5356)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/08/21/6"
        },
        {
          "name": "USN-2322-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2322-1"
        },
        {
          "name": "RHSA-2014:1337",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1337.html"
        },
        {
          "name": "RHSA-2014:1685",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1685.html"
        },
        {
          "name": "60743",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60743"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/glance/+bug/1315321"
        },
        {
          "name": "RHSA-2014:1338",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1338.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-5356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20140821 [OSSA 2014-028] Glance store DoS through disk space exhaustion (CVE-2014-5356)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/08/21/6"
            },
            {
              "name": "USN-2322-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2322-1"
            },
            {
              "name": "RHSA-2014:1337",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1337.html"
            },
            {
              "name": "RHSA-2014:1685",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1685.html"
            },
            {
              "name": "60743",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60743"
            },
            {
              "name": "https://bugs.launchpad.net/glance/+bug/1315321",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/glance/+bug/1315321"
            },
            {
              "name": "RHSA-2014:1338",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1338.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-5356",
    "datePublished": "2014-08-25T14:00:00",
    "dateReserved": "2014-08-19T00:00:00",
    "dateUpdated": "2024-08-06T11:41:49.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-1881
Vulnerability from cvelistv5
Published
2015-02-24 15:00
Modified
2024-08-06 04:54
Severity ?
Summary
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
          },
          {
            "name": "RHSA-2015:0938",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/glance/+bug/1420696"
          },
          {
            "name": "72694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72694"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
        },
        {
          "name": "RHSA-2015:0938",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/glance/+bug/1420696"
        },
        {
          "name": "72694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72694"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1881",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)",
              "refsource": "MLIST",
              "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
            },
            {
              "name": "RHSA-2015:0938",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
            },
            {
              "name": "https://bugs.launchpad.net/glance/+bug/1420696",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/glance/+bug/1420696"
            },
            {
              "name": "72694",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72694"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-1881",
    "datePublished": "2015-02-24T15:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-5482
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 21:05
Severity ?
Summary
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.269Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "51174",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51174"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
          },
          {
            "name": "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/glance/+bug/1076506"
          },
          {
            "name": "56437",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56437"
          },
          {
            "name": "glance-v2api-security-bypass(80019)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
          },
          {
            "name": "FEDORA-2012-17901",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
          },
          {
            "name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
          },
          {
            "name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
          },
          {
            "name": "87248",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/87248"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
          },
          {
            "name": "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
          },
          {
            "name": "SUSE-SU-2012:1455",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "51174",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51174"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
        },
        {
          "name": "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/glance/+bug/1076506"
        },
        {
          "name": "56437",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56437"
        },
        {
          "name": "glance-v2api-security-bypass(80019)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
        },
        {
          "name": "FEDORA-2012-17901",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
        },
        {
          "name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
        },
        {
          "name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
        },
        {
          "name": "87248",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/87248"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
        },
        {
          "name": "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
        },
        {
          "name": "SUSE-SU-2012:1455",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-5482",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "51174",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51174"
            },
            {
              "name": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88",
              "refsource": "CONFIRM",
              "url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
            },
            {
              "name": "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
            },
            {
              "name": "https://bugs.launchpad.net/glance/+bug/1076506",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/glance/+bug/1076506"
            },
            {
              "name": "56437",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/56437"
            },
            {
              "name": "glance-v2api-security-bypass(80019)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
            },
            {
              "name": "FEDORA-2012-17901",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
            },
            {
              "name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
            },
            {
              "name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
            },
            {
              "name": "87248",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/87248"
            },
            {
              "name": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3",
              "refsource": "CONFIRM",
              "url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
            },
            {
              "name": "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
            },
            {
              "name": "SUSE-SU-2012:1455",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-5482",
    "datePublished": "2012-11-11T11:00:00",
    "dateReserved": "2012-10-24T00:00:00",
    "dateUpdated": "2024-08-06T21:05:47.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0757
Vulnerability from cvelistv5
Published
2016-04-13 17:00
Modified
2024-08-05 22:30
Severity ?
Summary
OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.
References
http://rhn.redhat.com/errata/RHSA-2016-0309.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/82696vdb-entry, x_refsource_BID
https://security.openstack.org/ossa/OSSA-2016-006.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:04.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2016:0309",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0309.html"
          },
          {
            "name": "82696",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/82696"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.openstack.org/ossa/OSSA-2016-006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2016:0309",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0309.html"
        },
        {
          "name": "82696",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/82696"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.openstack.org/ossa/OSSA-2016-006.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0757",
    "datePublished": "2016-04-13T17:00:00",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-08-05T22:30:04.013Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-1948
Vulnerability from cvelistv5
Published
2014-02-14 15:00
Modified
2024-08-06 09:58
Severity ?
Summary
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
References
https://bugs.launchpad.net/glance/+bug/1275062x_refsource_CONFIRM
http://secunia.com/advisories/56419third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2014-0229.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/65507vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2014/02/12/18mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:58:15.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/glance/+bug/1275062"
          },
          {
            "name": "56419",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56419"
          },
          {
            "name": "RHSA-2014:0229",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0229.html"
          },
          {
            "name": "65507",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65507"
          },
          {
            "name": "[oss-security] 20140212 [OSSA 2014-004] Glance Swift store backend password leak  (CVE-2014-1948)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/02/12/18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-03-05T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/glance/+bug/1275062"
        },
        {
          "name": "56419",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56419"
        },
        {
          "name": "RHSA-2014:0229",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0229.html"
        },
        {
          "name": "65507",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65507"
        },
        {
          "name": "[oss-security] 20140212 [OSSA 2014-004] Glance Swift store backend password leak  (CVE-2014-1948)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/02/12/18"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1948",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/glance/+bug/1275062",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/glance/+bug/1275062"
            },
            {
              "name": "56419",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56419"
            },
            {
              "name": "RHSA-2014:0229",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0229.html"
            },
            {
              "name": "65507",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65507"
            },
            {
              "name": "[oss-security] 20140212 [OSSA 2014-004] Glance Swift store backend password leak  (CVE-2014-1948)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/02/12/18"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1948",
    "datePublished": "2014-02-14T15:00:00",
    "dateReserved": "2014-02-12T00:00:00",
    "dateUpdated": "2024-08-06T09:58:15.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-9684
Vulnerability from cvelistv5
Published
2015-02-24 15:00
Modified
2024-08-06 13:55
Severity ?
Summary
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:55:04.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/glance/+bug/1371118"
          },
          {
            "name": "RHSA-2015:0938",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
          },
          {
            "name": "72692",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72692"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/glance/+bug/1371118"
        },
        {
          "name": "RHSA-2015:0938",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
        },
        {
          "name": "72692",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72692"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9684",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[openstack-announce] 20150223 [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881)",
              "refsource": "MLIST",
              "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
            },
            {
              "name": "https://bugs.launchpad.net/glance/+bug/1371118",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/glance/+bug/1371118"
            },
            {
              "name": "RHSA-2015:0938",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
            },
            {
              "name": "72692",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72692"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9684",
    "datePublished": "2015-02-24T15:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T13:55:04.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-9623
Vulnerability from cvelistv5
Published
2015-01-23 15:00
Modified
2024-08-06 13:47
Severity ?
Summary
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:41.740Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:0838",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html"
          },
          {
            "name": "RHSA-2015:0644",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html"
          },
          {
            "name": "62165",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62165"
          },
          {
            "name": "RHSA-2015:0837",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/glance/+bug/1383973"
          },
          {
            "name": "[oss-security] 20150118 Re: CVE request for vulnerability in OpenStack Glance",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/glance/+bug/1398830"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.openstack.org/ossa/OSSA-2015-003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T22:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2015:0838",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html"
        },
        {
          "name": "RHSA-2015:0644",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html"
        },
        {
          "name": "62165",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62165"
        },
        {
          "name": "RHSA-2015:0837",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/glance/+bug/1383973"
        },
        {
          "name": "[oss-security] 20150118 Re: CVE request for vulnerability in OpenStack Glance",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/glance/+bug/1398830"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.openstack.org/ossa/OSSA-2015-003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9623",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2015:0838",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html"
            },
            {
              "name": "RHSA-2015:0644",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html"
            },
            {
              "name": "62165",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62165"
            },
            {
              "name": "RHSA-2015:0837",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
            },
            {
              "name": "https://bugs.launchpad.net/glance/+bug/1383973",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/glance/+bug/1383973"
            },
            {
              "name": "[oss-security] 20150118 Re: CVE request for vulnerability in OpenStack Glance",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4"
            },
            {
              "name": "https://bugs.launchpad.net/glance/+bug/1398830",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/glance/+bug/1398830"
            },
            {
              "name": "https://security.openstack.org/ossa/OSSA-2015-003.html",
              "refsource": "CONFIRM",
              "url": "https://security.openstack.org/ossa/OSSA-2015-003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9623",
    "datePublished": "2015-01-23T15:00:00",
    "dateReserved": "2015-01-18T00:00:00",
    "dateUpdated": "2024-08-06T13:47:41.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-5251
Vulnerability from cvelistv5
Published
2015-10-26 17:00
Modified
2024-08-06 06:41
Severity ?
Summary
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:08.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.openstack.org/ossa/OSSA-2015-019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/bugs/1482371"
          },
          {
            "name": "RHSA-2015:1897",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-10-26T16:57:02",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.openstack.org/ossa/OSSA-2015-019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/bugs/1482371"
        },
        {
          "name": "RHSA-2015:1897",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5251",
    "datePublished": "2015-10-26T17:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:08.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-0212
Vulnerability from cvelistv5
Published
2013-02-24 21:00
Modified
2024-08-06 14:18
Severity ?
Summary
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
          },
          {
            "name": "[openstack] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.launchpad.net/openstack/msg20517.html"
          },
          {
            "name": "USN-1710-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1710-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/glance/+bug/1098962"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/glance/+milestone/2012.2.3"
          },
          {
            "name": "[oss-security] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
          },
          {
            "name": "RHSA-2013:0209",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
          },
          {
            "name": "51990",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51990"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
          },
          {
            "name": "51957",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51957"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint\u0027s user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-24T21:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
        },
        {
          "name": "[openstack] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.launchpad.net/openstack/msg20517.html"
        },
        {
          "name": "USN-1710-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1710-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/glance/+bug/1098962"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/glance/+milestone/2012.2.3"
        },
        {
          "name": "[oss-security] 20130129 [OSSA 2013-002] Backend password leak in Glance error message (CVE-2013-0212)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
        },
        {
          "name": "RHSA-2013:0209",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
        },
        {
          "name": "51990",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51990"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
        },
        {
          "name": "51957",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51957"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0212",
    "datePublished": "2013-02-24T21:00:00Z",
    "dateReserved": "2012-12-06T00:00:00Z",
    "dateUpdated": "2024-08-06T14:18:09.592Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-5286
Vulnerability from cvelistv5
Published
2015-10-26 17:00
Modified
2024-08-06 06:41
Severity ?
Summary
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.
References
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:09.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/bugs/1498163"
          },
          {
            "name": "76943",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76943"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.openstack.org/ossa/OSSA-2015-020.html"
          },
          {
            "name": "RHSA-2015:1897",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/bugs/1498163"
        },
        {
          "name": "76943",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76943"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.openstack.org/ossa/OSSA-2015-020.html"
        },
        {
          "name": "RHSA-2015:1897",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5286",
    "datePublished": "2015-10-26T17:00:00",
    "dateReserved": "2015-07-01T00:00:00",
    "dateUpdated": "2024-08-06T06:41:09.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2016-04-13 17:59
Modified
2024-11-21 02:42
Summary
OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90A838B8-A2EE-43CC-80BA-EC40B1DCF446",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):11.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB67B1D1-AFF7-4541-B5EF-739AE5913D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B314472-86B2-4E42-B06D-4B7F2B406147",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image."
    },
    {
      "lang": "es",
      "value": "OpenStack Image Service (Glance) en versiones anteriores a 2015.1.3 (kilo) y 11.0.x en versiones anteriores a 11.0.2 (liberty), cuando show_multiple_locations est\u00e1 habilitado, permiten a usuarios remotos autenticados cambiar el estado de imagen y cargar nuevos datos de imagen eliminando la \u00faltima localizaci\u00f3n de una imagen."
    }
  ],
  "id": "CVE-2016-0757",
  "lastModified": "2024-11-21T02:42:19.157",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-13T17:59:09.867",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0309.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/82696"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://security.openstack.org/ossa/OSSA-2016-006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0309.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/82696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://security.openstack.org/ossa/OSSA-2016-006.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-01-21 18:59
Modified
2024-11-21 02:24
Severity ?
Summary
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A5066B6-4A70-478B-9B88-6A64CA1DD9B0",
              "versionEndExcluding": "2014.1.4",
              "versionStartIncluding": "2014.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F3833A-DC9F-4E59-96FD-90798863AFEA",
              "versionEndExcluding": "2014.2.2",
              "versionStartIncluding": "2014.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493."
    },
    {
      "lang": "es",
      "value": "La API V2 en OpenStack Image Registry and Delivery Service (Glance) anterior a 2014.1.4 y 2014.2.x anterior a 2014.2.2 permite a usuarios remotos autenticados leer o eliminar ficheros arbitrarios a trav\u00e9s de un nombre de ruta completo en una URL filesystem: en la propiedad de la localizaci\u00f3n de im\u00e1genes. NOTA: esta vulnerabilidad existe debida a una soluciona incompleta para CVE-2014-9493."
    }
  ],
  "id": "CVE-2015-1195",
  "lastModified": "2024-11-21T02:24:51.413",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-21T18:59:56.090",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/62169"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/01/15/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/01/18/5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/71976"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/ossa/+bug/1408663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-January/000325.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/62169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/01/15/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/01/18/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/71976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/ossa/+bug/1408663"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2024-11-21 01:44
Severity ?
Summary
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html
secalert@redhat.comhttp://osvdb.org/87248
secalert@redhat.comhttp://secunia.com/advisories/51174Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/07/6
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/08/2
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/09/1
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/09/5
secalert@redhat.comhttp://www.securityfocus.com/bid/56437
secalert@redhat.comhttps://bugs.launchpad.net/glance/+bug/1076506
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/80019
secalert@redhat.comhttps://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88
secalert@redhat.comhttps://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/87248
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51174Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/07/6
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/08/2
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/09/1
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/09/5
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56437
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/glance/+bug/1076506
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80019
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC5343C7-8EBD-49A5-8423-22F88DE0CBD2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573."
    },
    {
      "lang": "es",
      "value": "v2 API en OpenStack Glance Grizzly, Folsom (2012.2)y Essex (2012.1), permite a usuarios remotos autenticados, borrar im\u00e1genes no protegidas de su elecci\u00f3n a trav\u00e9s de una petici\u00f3n de borrado de imagen. NOTA: Esta vulnerabilidad existe por una soluci\u00f3n incompleta para CVE-2012-4573."
    }
  ],
  "id": "CVE-2012-5482",
  "lastModified": "2024-11-21T01:44:44.163",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-11T13:00:59.620",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/87248"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51174"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/56437"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/glance/+bug/1076506"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/87248"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/56437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/glance/+bug/1076506"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-10-26 17:59
Modified
2024-11-21 02:32
Severity ?
Summary
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0964364D-BB85-4C6C-AC03-9C5654F31B11",
              "versionEndIncluding": "2014.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C66E0C3C-F6B7-433D-9F93-531594C52D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "897FC29D-7439-4BF2-8296-FB33712DCE43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*."
    },
    {
      "lang": "es",
      "value": "OpenStack Image Service (Glance) en versiones anteriores a 2014.2.4 (juno) y 2015.1.x en versiones anteriores 2015.1.2 (kilo) permiten a usuarios remotos autenticados cambiar el estado de sus im\u00e1genes y eludir las restricciones de acceso a trav\u00e9s de la cabecera HTTP x-image-meta-status a images/*."
    }
  ],
  "id": "CVE-2015-5251",
  "lastModified": "2024-11-21T02:32:38.873",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-26T17:59:06.813",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/bugs/1482371"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.openstack.org/ossa/OSSA-2015-019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/bugs/1482371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.openstack.org/ossa/OSSA-2015-019.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-08-25 14:55
Modified
2024-11-21 02:11
Severity ?
Summary
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2930CB-FAC9-4283-81A2-33CB02AE0463",
              "versionEndIncluding": "2013.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5187A73A-0D13-442E-AC27-D995B652F184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E946F4-A78D-4444-8418-AB44F93FE603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46675930-1B59-4379-8D53-65791B674633",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D25939A0-128A-422D-8AA4-82ABF48701EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49917050-28EC-4C2E-B318-32108332AC4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF99F800-FFCA-423E-94DF-CF4E762B7E92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "200CFA26-EBA7-425A-86EC-C13855382C6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):juno-2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F3FFF72-B308-41EF-A807-255235CED49D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image."
    },
    {
      "lang": "es",
      "value": "OpenStack Image Registry and Delivery Service (Glance) anterior a 2013.2.4, 2014.x anterior a 2014.1.3, y Juno anterior a Juno-3, cuando utiliza la API V2, no aplica debidamente la opci\u00f3n de configuraci\u00f3n image_size_cap, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (el consumo del disco) mediante la subida de un imagen grande."
    }
  ],
  "id": "CVE-2014-5356",
  "lastModified": "2024-11-21T02:11:54.813",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-08-25T14:55:07.160",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1337.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1338.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1685.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/60743"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/08/21/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2322-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/glance/+bug/1315321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1337.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1338.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1685.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/08/21/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2322-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/glance/+bug/1315321"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-10-26 17:59
Modified
2024-11-21 02:32
Severity ?
Summary
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0964364D-BB85-4C6C-AC03-9C5654F31B11",
              "versionEndIncluding": "2014.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C66E0C3C-F6B7-433D-9F93-531594C52D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2015.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "897FC29D-7439-4BF2-8296-FB33712DCE43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623."
    },
    {
      "lang": "es",
      "value": "OpenStack Image Service (Glance) en versiones anteriores a 2014.2.4 (juno) y 2015.1.x en versiones anteriores a 2015.1.2 (kilo) permite a usuarios remotos autenticados eludir la cuota de almacenamiento y provocar una denegaci\u00f3n de servicio (consumo de disco) borrando im\u00e1genes que han sido subidas utilizando un token que expira durante el proceso. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-9623."
    }
  ],
  "id": "CVE-2015-5286",
  "lastModified": "2024-11-21T02:32:42.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-26T17:59:07.937",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/76943"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/bugs/1498163"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.openstack.org/ossa/OSSA-2015-020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1897.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/bugs/1498163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.openstack.org/ossa/OSSA-2015-020.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-24 21:55
Modified
2024-11-21 01:47
Severity ?
Summary
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.
References
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0209.htmlVendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/51957Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/51990Vendor Advisory
secalert@redhat.comhttp://ubuntu.com/usn/usn-1710-1Patch
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2013/01/29/10
secalert@redhat.comhttps://bugs.launchpad.net/glance/+bug/1098962
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=902964Patch
secalert@redhat.comhttps://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7
secalert@redhat.comhttps://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1
secalert@redhat.comhttps://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89
secalert@redhat.comhttps://launchpad.net/glance/+milestone/2012.2.3
secalert@redhat.comhttps://lists.launchpad.net/openstack/msg20517.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0209.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51957Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51990Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-1710-1Patch
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/01/29/10
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/glance/+bug/1098962
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=902964Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89
af854a3a-2127-422b-91ae-364da2661108https://launchpad.net/glance/+milestone/2012.2.3
af854a3a-2127-422b-91ae-364da2661108https://lists.launchpad.net/openstack/msg20517.html



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD405A64-CF2D-46A0-B19F-5633E0DE1427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "936ABA46-0574-4A7F-A11D-193B32747A90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E022F41C-3239-4663-9129-E8A871EA5B77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2012.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "09ACB383-AA30-4E23-A85E-A68E0A72B596",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint\u0027s user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages."
    },
    {
      "lang": "es",
      "value": "store/swift.py en OpenStack Glance Essex (2012.1), Folsom (2012.2) anterior a 2012.2.3, y Grizzly, cuando el modo singe tenant en Swift, guarda el usuario Swift remoto y el password en texto plano cuando el punto remoto es mal configurado, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante la lectura de mensajes de error."
    }
  ],
  "evaluatorComment": "Per http://www.ubuntu.com/usn/usn-1710-1/\nA security issue affects these releases of Ubuntu and its derivatives:\nUbuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10",
  "id": "CVE-2013-0212",
  "lastModified": "2024-11-21T01:47:04.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-24T21:55:01.143",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51957"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51990"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://ubuntu.com/usn/usn-1710-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/glance/+bug/1098962"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://launchpad.net/glance/+milestone/2012.2.3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.launchpad.net/openstack/msg20517.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://ubuntu.com/usn/usn-1710-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/01/29/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/glance/+bug/1098962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=902964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed364b7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a4c1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030a89"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.net/glance/+milestone/2012.2.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.launchpad.net/openstack/msg20517.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2024-11-21 01:43
Severity ?
Summary
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html
secalert@redhat.comhttp://osvdb.org/87248
secalert@redhat.comhttp://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1558.html
secalert@redhat.comhttp://secunia.com/advisories/51174Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/51234Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/07/6
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/09/5
secalert@redhat.comhttp://www.securityfocus.com/bid/56437
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1626-1
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1626-2
secalert@redhat.comhttps://bugs.launchpad.net/glance/+bug/1065187
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/79895
secalert@redhat.comhttps://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc
secalert@redhat.comhttps://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6
secalert@redhat.comhttps://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29dPatch
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/87248
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1558.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51174Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51234Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/07/6
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/09/5
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56437
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1626-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1626-2
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/glance/+bug/1065187
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/79895
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29dPatch
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC5343C7-8EBD-49A5-8423-22F88DE0CBD2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482."
    },
    {
      "lang": "es",
      "value": "La API v1 en OpenStack Vistazo Grizzly, Folsom (2.012,2) y Essex (2012.1) permite a usuarios autenticados remotamente borrar im\u00e1genes de su elecci\u00f3n no protegidas a trav\u00e9s de una solicitud de eliminaci\u00f3n de im\u00e1genes, una vulnerabilidad diferente a CVE-2012-5482."
    }
  ],
  "id": "CVE-2012-4573",
  "lastModified": "2024-11-21T01:43:09.967",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-11T13:00:58.883",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/87248"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51174"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51234"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/56437"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1626-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1626-2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/glance/+bug/1065187"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/87248"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/56437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1626-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1626-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/glance/+bug/1065187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-04-27 20:55
Modified
2024-11-21 02:01
Severity ?
Summary
The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:icehouse:rc-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96482F1-192D-4CFA-A976-3C61BAA4E56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5187A73A-0D13-442E-AC27-D995B652F184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E946F4-A78D-4444-8418-AB44F93FE603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46675930-1B59-4379-8D53-65791B674633",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A459C23-D1CE-49BF-B15E-E2EC864DF958",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location."
    },
    {
      "lang": "es",
      "value": "El backend Sheepdog en OpenStack Image Registry and Delivery Service (Glance) 2013.2 anterior a 2013.2.4 y icehouse anterior a icehouse-rc2 permite a usuarios remotos autenticados con permiso insertar o modificar un imagen para ejecutar comandos arbitrarios a trav\u00e9s de una localizaci\u00f3n manipulada."
    }
  ],
  "id": "CVE-2014-0162",
  "lastModified": "2024-11-21T02:01:30.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-27T20:55:23.667",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/10/13"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2193-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://launchpad.net/bugs/1298698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0455.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/10/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2193-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.net/bugs/1298698"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-02-14 15:55
Modified
2024-11-21 02:05
Severity ?
Summary
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5187A73A-0D13-442E-AC27-D995B652F184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2013.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20E946F4-A78D-4444-8418-AB44F93FE603",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log."
    },
    {
      "lang": "es",
      "value": "OpenStack Image Registry and Delivery Service (Glance) 2013.2 hasta 2013.2.1 y Icehouse anterior a icehouse-2 registra una URL que contiene la contrase\u00f1a de Swift store backend cuando falla la autenticaci\u00f3n y el registro a nivel de advertencia est\u00e1 habilitado, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura del registro."
    }
  ],
  "id": "CVE-2014-1948",
  "lastModified": "2024-11-21T02:05:20.153",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-14T15:55:06.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0229.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/56419"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2014/02/12/18"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/65507"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/glance/+bug/1275062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0229.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/02/12/18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/65507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/glance/+bug/1275062"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-01-23 15:59
Modified
2024-11-21 02:21
Severity ?
Summary
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43629DD7-3510-4639-812E-7F09642B6B21",
              "versionEndIncluding": "2014.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "072E34B9-5979-4291-B1D2-762A7C515641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D7D19295-250D-4577-95A3-94E71789C639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "81CC384F-0D8D-4119-B3CD-4B585DBDF267",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "625B1FA7-E7F3-4F1D-B58D-E23BAE4B1DC9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state."
    },
    {
      "lang": "es",
      "value": "OpenStack Glance 2014.2.x hasta la versi\u00f3n 2014.2.1, 2014.1.3 y versiones anteriores permite a usuarios remotos autenticados eludir la cuota de almacenamiento y causar una denegaci\u00f3n de servicio (consumo de disco) mediante el borrado de una imagen en el estado de ahorro."
    }
  ],
  "id": "CVE-2014-9623",
  "lastModified": "2024-11-21T02:21:16.293",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-23T15:59:06.537",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/62165"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/glance/+bug/1383973"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/glance/+bug/1398830"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.openstack.org/ossa/OSSA-2015-003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0644.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0837.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0838.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/18/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/glance/+bug/1383973"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/glance/+bug/1398830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.openstack.org/ossa/OSSA-2015-003.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-11-23 17:55
Modified
2024-11-21 01:55
Severity ?
Summary
The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC5343C7-8EBD-49A5-8423-22F88DE0CBD2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image."
    },
    {
      "lang": "es",
      "value": "El API anterior a 2,1 en OpenStack Image Registry and Delivery Service (Glance) hace que sea m\u00e1s f\u00e1cil para los usuarios locales inyectar im\u00e1genes en inquilinos arbitrarios a\u00f1adiendo el inquilino como un miembro de la imagen."
    }
  ],
  "id": "CVE-2013-4354",
  "lastModified": "2024-11-21T01:55:24.737",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-23T17:55:03.540",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/19/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/19/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/glance/+bug/1226078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/19/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/09/19/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/glance/+bug/1226078"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-02-24 15:59
Modified
2024-11-21 02:21
Severity ?
Summary
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "072E34B9-5979-4291-B1D2-762A7C515641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAB5B21-2F3D-4A5D-9554-B7F984FF5D48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "071E2B7B-5E6B-4108-8E46-5E72AC22B168",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881."
    },
    {
      "lang": "es",
      "value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 hasta 2014.2.2 no elimina correctamente las im\u00e1genes, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de disco) mediante la creaci\u00f3n de un n\u00famero grande de im\u00e1genes al utilizar una API v2 de tareas y posteriormente elimin\u00e1ndolas antes de que terminen las subidas, una vulnerabilidad diferente a CVE-2015-1881."
    }
  ],
  "id": "CVE-2014-9684",
  "lastModified": "2024-11-21T02:21:26.357",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-24T15:59:03.537",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/72692"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/glance/+bug/1371118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/72692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/glance/+bug/1371118"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-02-24 15:59
Modified
2024-11-21 02:26
Severity ?
Summary
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "072E34B9-5979-4291-B1D2-762A7C515641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAB5B21-2F3D-4A5D-9554-B7F984FF5D48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):2014.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "071E2B7B-5E6B-4108-8E46-5E72AC22B168",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684."
    },
    {
      "lang": "es",
      "value": "OpenStack Image Registry and Delivery Service (Glance) 2014.2 hasta 2014.2.2 no elimina correctamente las im\u00e1genes, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de disco) mediante la creaci\u00f3n de un n\u00famero grande de im\u00e1genes al utilizar la API v2 de tareas y posteriormente elimin\u00e1ndolas, una vulnerabilidad diferente a CVE-2014-9684."
    }
  ],
  "id": "CVE-2015-1881",
  "lastModified": "2024-11-21T02:26:19.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-24T15:59:08.567",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/72694"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/glance/+bug/1420696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-February/000336.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0938.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/72694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/glance/+bug/1420696"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-01-07 19:59
Modified
2024-11-21 02:21
Severity ?
Summary
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1802FDB8-C919-4D5E-A8AD-4C5B72525090",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A5066B6-4A70-478B-9B88-6A64CA1DD9B0",
              "versionEndExcluding": "2014.1.4",
              "versionStartIncluding": "2014.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F3833A-DC9F-4E59-96FD-90798863AFEA",
              "versionEndExcluding": "2014.2.2",
              "versionStartIncluding": "2014.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property."
    },
    {
      "lang": "es",
      "value": "La API V2 en OpenStack Image Registry and Delivery Service (Glance) anterior a 2014.2.2 y 2014.1.4 permite a usuarios remotos autenticados leer o eliminar ficheros a trav\u00e9s de un nombre de ruta completo en un fichero: URL en la propiedad de la localizaci\u00f3n de im\u00e1genes."
    }
  ],
  "id": "CVE-2014-9493",
  "lastModified": "2024-11-21T02:21:00.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-07T19:59:02.573",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/71688"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/glance/+bug/1400966"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.openstack.org/ossa/OSSA-2014-041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000317.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0246.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/71688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/glance/+bug/1400966"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.openstack.org/ossa/OSSA-2014-041.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}