CVE-2013-4354
OpenStack Glance - Unauthenticated Image Injection via Tenant Manipulation
Title source: llmDescription
The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/09/19/3
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/glance/+bug/1226078
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/09/19/2
Scores
EPSS
0.0014
EPSS Percentile
34.2%
Details
CWE
CWE-20
Status
published
Products (1)
openstack/image_registry_and_delivery_service_\(glance\)
Published
Nov 23, 2013
Tracked Since
Feb 18, 2026