CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
73.3%
USN-1626-1 fixed vulnerabilities in the v1 API of Glance. This update
provides the corresponding updates for the v2 API.
Original advisory details:
Gabe Westmaas discovered that Glance did not always properly enforce access
controls when deleting images. An authenticated user could delete arbitrary
images by using the v1 API under certain circumstances.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 12.10 | noarch | python-glance | < 2012.2-0ubuntu2.3 | UNKNOWN |
Ubuntu | 12.10 | noarch | glance | < 2012.2-0ubuntu2.3 | UNKNOWN |
Ubuntu | 12.10 | noarch | glance-api | < 2012.2-0ubuntu2.3 | UNKNOWN |
Ubuntu | 12.10 | noarch | glance-client | < 2012.2-0ubuntu2.3 | UNKNOWN |
Ubuntu | 12.10 | noarch | glance-common | < 2012.2-0ubuntu2.3 | UNKNOWN |
Ubuntu | 12.10 | noarch | glance-registry | < 2012.2-0ubuntu2.3 | UNKNOWN |
Ubuntu | 12.10 | noarch | python-glance-doc | < 2012.2-0ubuntu2.3 | UNKNOWN |