CVE-2013-4354

Openstack Image Registry And Delivery... - Improper Input Validation

Title source: rule

Description

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

References (3)

[Issue Tracking] https://bugs.launchpad.net/glance/+bug/1226078

[Mailing List] http://www.openwall.com/lists/oss-security/2013/09/19/2

[Mailing List] http://www.openwall.com/lists/oss-security/2013/09/19/3

Scores

EPSS 0.0006

EPSS Percentile 18.1%

Classification

CWE

CWE-20

Status draft

Affected Products (1)

openstack/image_registry_and_delivery_service_\(glance\)

Timeline

Published Nov 23, 2013

Tracked Since Feb 18, 2026