CVE-2013-4428
OpenStack Glance < 2013.1.4 / < 2013.2 - Authenticated Unrestricted Image Access
Title source: llmDescription
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.
References (9)
Core 9
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1525.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2003-1
Patch, Third Party Advisory x_refsource_confirm
https://launchpad.net/glance/+milestone/2013.1.4
Exploit, Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/glance/+bug/1235378
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/10/15/8
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/63159
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/10/16/9
Exploit, Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/glance/+bug/1235226
Patch, Third Party Advisory x_refsource_confirm
https://launchpad.net/glance/+milestone/2013.2
Scores
EPSS
0.0047
EPSS Percentile
64.7%
Details
CWE
CWE-264
Status
published
Products (4)
canonical/ubuntu_linux
12.10
canonical/ubuntu_linux
13.04
openstack/glance
2013.2 milestone1 (3 CPE variants)
openstack/glance
2012.2 - 2012.2.4
Published
Oct 27, 2013
Tracked Since
Feb 18, 2026