Lucene search

K
cve[email protected]CVE-2013-4354
HistoryNov 23, 2013 - 5:55 p.m.

CVE-2013-4354

2013-11-2317:55:03
CWE-20
web.nvd.nist.gov
18
openstack
glance
api
security
image injection
cve-2013-4354

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

Affected configurations

NVD
Node
openstackimage_registry_and_delivery_service_\(glance\)Match-

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%