Image Registry And Delivery Service (glance) Security Vulnerabilities and Issues — Image Registry And Delivery Service (glance) CVE List

Lucene search

OpenstackImage Registry And Delivery Service (glance)

4 matches found

CVE•added 2015/10/26 5:59 p.m.•69 views

CVE-2015-5251

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

5.5CVSS4.3AI score0.00171EPSS

CVE•added 2015/01/07 7:59 p.m.•55 views

CVE-2014-9493

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

5.5CVSS6.2AI score0.00979EPSS

CVE•added 2012/11/11 1:0 p.m.•52 views

CVE-2012-4573

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.

5.5CVSS6.2AI score0.01403EPSS

CVE•added 2012/11/11 1:0 p.m.•45 views

CVE-2012-5482

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.

5.5CVSS6.4AI score0.01403EPSS