Lucene search
+L
OpenstackImage Registry And Delivery Service (glance)

4 matches found

CVE
CVE
added 2015/10/26 5:0 p.m.91 views

CVE-2015-5251

CVE-2015-5251 affects OpenStack Image Service (Glance) prior to 2014.2.4 (juno) and 2015.1.x prior to 2015.1.2 (kilo). The issue allows remote authenticated users to bypass access restrictions and change the status of their images by sending HTTP header x-image-meta-status to images/*, enabling m...

5.5CVSS4.3AI score0.02035EPSS
Web
CVE
CVE
added 2015/01/07 7:0 p.m.82 views

CVE-2014-9493

OpenStack Glance V2 API (before 2014.2.2 and 2014.1.4) allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. Root cause is a path traversal flaw in the V2 image location handling; impact includes potential exposure o...

5.5CVSS6.2AI score0.0277EPSS
CVE
CVE
added 2012/11/11 11:0 a.m.71 views

CVE-2012-4573

The CVE-2012-4573 issue affects the v1 API of OpenStack Glance (Grizzly, Folsom 2012.2, Essex 2012.1), where remote authenticated users could delete arbitrary non‑protected images via an image deletion request. The vulnerability is tied to an incomplete/faulty fix; related advisories confirm ongo...

5.5CVSS6.2AI score0.03318EPSS
CVE
CVE
added 2012/11/11 11:0 a.m.56 views

CVE-2012-5482

The CVE-2012-5482 vulnerability affects OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) where the v2 API allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. Root cause noted as an incomplete fix for CVE-2012-4573. Connected advis...

5.5CVSS6.4AI score0.02722EPSS