15 matches found
CVE-2013-0212
The CVE-2013-0212 issue affects OpenStack Glance (Essex/Folsom/Grizzly) in Swift single-tenant mode, where store/swift.py logs the Swift endpoint user name and password in cleartext in error messages when the endpoint is misconfigured or unusable. This allows a remote authenticated user to read s...
CVE-2015-5251
CVE-2015-5251 affects OpenStack Image Service (Glance) prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo). The issue allows remote authenticated users to bypass access restrictions and change the status of their images by sending HTTP header x-image-meta-status to images/*, enabling m...
CVE-2016-0757
CVE-2016-0757 affects OpenStack Image Service (Glance) 11.0.x before 11.0.2 (liberty) and 2015.1.3 (kilo) when show_multiple_locations is enabled. The issue allows a remote authenticated attacker to change image status and upload new image data by removing the last location of an image...
CVE-2014-5356
The CVE-2014-5356 vulnerability affects OpenStack Image Registry and Delivery Service (Glance) prior to 2013.2.4, 2014.x prior to 2014.1.3, and Juno prior to Juno-3 when using the V2 API. The root cause is that the image_size_cap option was not honored, allowing an authenticated remote user to up...
CVE-2014-9623
CVE-2014-9623 affects OpenStack Glance (Image Service) 2014.2.x through 2014.2.1 and 2014.1.3 and earlier, allowing remote authenticated users to bypass storage quota and cause disk DoS by deleting an image in the saving state. Root cause is an incomplete fix that permitted quota bypass during uploa...
CVE-2014-0162
CVE-2014-0162 affects the Sheepdog backend used by OpenStack Image Registry and Delivery Service (Glance). The vulnerability allows remote authenticated users who can insert or modify an image to run arbitrary commands via a crafted image location. Affected releases are Glance 2013.2 prior to 201...
CVE-2014-9493
OpenStack Glance V2 API (before 2014.2.2 and 2014.1.4) allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. Root cause is a path traversal flaw in the V2 image location handling; impact includes potential exposure o...
CVE-2015-5286
OpenStack Image Service (Glance) is vulnerable in versions prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo). A remote authenticated user can bypass storage quotas and cause a denial of service by deleting images that are being uploaded with a token that expires during the process. R...
CVE-2014-1948
CVE-2014-1948 affects OpenStack Image Registry and Delivery Service (Glance) versions 2013.2 through 2013.2.1 and Icehouse era before icehouse-2, where a failed authentication with WARNING-level logging enables local users to read a log entry containing the Swift store backend password. The vulne...
CVE-2012-4573
The CVE-2012-4573 issue affects the v1 API of OpenStack Glance (Grizzly, Folsom 2012.2, Essex 2012.1), where remote authenticated users could delete arbitrary non-protected images via an image deletion request. The vulnerability is tied to an incomplete/faulty fix; related advisories confirm ongo...
CVE-2014-9684
CVE-2014-9684 affects OpenStack Glance (Image Registry and Delivery Service) versions 2014.2 through 2014.2.2. The vulnerability arises because the image removal process does not properly clean up, allowing a remote authenticated user to cause a denial of service (disk consumption) by rapidly cre...
CVE-2015-1195
The CVE-2015-1195 issue concerns the OpenStack Image Registry and Delivery Service (Glance) V2 API, where versions prior to 2014.1.4 and 2014.2.x prior to 2014.2.2 allow an authenticated remote user to read or delete arbitrary files via a full pathname in a filesystem:// URL in the image location property...
CVE-2012-5482
The CVE-2012-5482 vulnerability affects OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) where the v2 API allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. Root cause noted as an incomplete fix for CVE-2012-4573. Connected advis...
CVE-2015-1881
The CVE-2015-1881 entry concerns OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2, where images are not properly removed. According to connected docs, this allows remote authenticated users to trigger a denial of service (disk consumption) by creating a large number ...
CVE-2013-4354
The CVE-2013-4354 entry concerns OpenStack Image Registry and Delivery Service (Glance) before version 2.1. The vulnerability arises from the API allowing a local user to add the tenant as a member of an image, enabling injection of images into arbitrary tenants. Affected component is the Glance ...