Lucene search

[email protected]CVE-2013-4354

HistoryNov 23, 2013 - 5:55 p.m.

CVE-2013-4354

2013-11-2317:55:03

CWE-20

[email protected]

web.nvd.nist.gov

openstack

glance

api

security

image injection

cve-2013-4354

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

Affected configurations

NVD

Node

openstackimage_registry_and_delivery_service_\(glance\)Match-

CPENameOperatorVersion
openstack:image_registry_and_delivery_service_\(glance\)openstack image registry and delivery service (glance)eq-

CPE	Name	Operator	Version
openstack:image_registry_and_delivery_service_\(glance\)	openstack image registry and delivery service (glance)	eq	-

References

www.openwall.com/lists/oss-security/2013/09/19/2

www.openwall.com/lists/oss-security/2013/09/19/3

bugs.launchpad.net/glance/+bug/1226078

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2013-4354

cvelist1 ubuntucve1 prion1 debiancve1 nvd1