CVE-2013-4354

EUVD-2013-4238
The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
openstackimage_registry_and_delivery_service_\(glance\)
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glance
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
glance
lucid
dne
precise
ignored
quantal
ignored
raring
ignored
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2013/09/19/2
http://www.openwall.com/lists/oss-security/2013/09/19/3
https://bugs.launchpad.net/glance/+bug/1226078
http://www.openwall.com/lists/oss-security/2013/09/19/2
http://www.openwall.com/lists/oss-security/2013/09/19/3
https://bugs.launchpad.net/glance/+bug/1226078