CVE-2012-4573
Published: 7 November 2012
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
Notes
Author | Note |
---|---|
jdstrand | Diablo (in Ubuntu 11.10) not affected per upstream; also affects v2 api in Folsom+ (Ubuntu 12.10+) |
Priority
Status
Package | Release | Status |
---|---|---|
glance | hardy | Does not exist |
glance | lucid | Does not exist |
glance | natty | Ignored (end of life) |
glance | oneiric | Not vulnerable |
glance | precise | Released (2012.1.3+stable~20120821-120fcf-0ubuntu1.2) |
glance | quantal | Released (2012.2-0ubuntu2.3) |
glance | upstream | Needs triage |

Patches:
- upstream: https://review.openstack.org/gitweb?p=openstack%2Fglance.git;a=commitdiff;h=efd7e75b1f419a52c7103c7840e24af8e5deb29d (essex)
- upstream: https://review.openstack.org/gitweb?p=openstack%2Fglance.git;a=commitdiff;h=90bcdc5a89e350a358cf320a03f5afe99795f6f6 (folsom pt1)
- upstream: https://review.openstack.org/gitweb?p=openstack/glance.git;a=patch;h=fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3 (folsom pt3 v2 api)
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4573
- https://lists.launchpad.net/openstack/msg18386.html
- https://review.openstack.org/#/c/15562/
- https://review.openstack.org/#/c/15563/
- https://ubuntu.com/security/notices/USN-1626-1
- https://review.openstack.org/#/c/15659/
- https://ubuntu.com/security/notices/USN-1626-2
- NVD
- Launchpad
- Debian