CVE-2013-4354

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
openstackimage_registry_and_delivery_service_\(glance\)
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glance
bullseye
unimportant
bullseye (security)
unimportant
bookworm
unimportant
bookworm (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glance
raring
ignored
quantal
ignored
precise
ignored
lucid
dne
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2013/09/19/2
http://www.openwall.com/lists/oss-security/2013/09/19/3
https://bugs.launchpad.net/glance/+bug/1226078
http://www.openwall.com/lists/oss-security/2013/09/19/2
http://www.openwall.com/lists/oss-security/2013/09/19/3
https://bugs.launchpad.net/glance/+bug/1226078