Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.5
CVE Id CVE-2012-5482
Last Modified 09 Feb 2015 02:22:43
Published 11 Nov 2012 08:00:59
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-5482

Summary

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.

Vulnerable Systems

Application

  • Openstack Essex 2012.1

  • Openstack Folsom 2012.2

  • Openstack Glance Grizzly

  • Openstack Image Registry And Delivery Service (glance) -


References

CONFIRM - https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3

CONFIRM - https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88

CONFIRM - https://bugs.launchpad.net/glance/+bug/1076506

BID - 56437

MLIST - [oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1

MLIST - [oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)

MLIST - [oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)

MLIST - [oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)

SECUNIA - 51174

SUSE - SUSE-SU-2012:1455

XF - glance-v2api-security-bypass(80019)

FEDORA - FEDORA-2012-17901

OSVDB - 87248


Last Updated: 27 May 2016 10:58:27