CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
73.3%
Gabe Westmaas discovered that Glance did not always properly enforce access
controls when deleting images. An authenticated user could delete arbitrary
images by using the v1 API under certain circumstances.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 12.10 | noarch | python-glance | < 2012.2-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.10 | noarch | glance | < 2012.2-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.10 | noarch | glance-api | < 2012.2-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.10 | noarch | glance-client | < 2012.2-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.10 | noarch | glance-common | < 2012.2-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.10 | noarch | glance-registry | < 2012.2-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.10 | noarch | python-glance-doc | < 2012.2-0ubuntu2.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | python-glance | < 2012.1.3+stable~20120821-120fcf-0ubuntu1.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | glance | < 2012.1.3+stable~20120821-120fcf-0ubuntu1.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | glance-api | < 2012.1.3+stable~20120821-120fcf-0ubuntu1.2 | UNKNOWN |