Skip to content

OpenStack Glance arbitrary deletion of non-protected images

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Nov 21, 2024

Package

pip glance (pip)

Affected versions

< 11.0.0a0

Patched versions

11.0.0a0

Description

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.

References

Published by the National Vulnerability Database Nov 11, 2012
Published to the GitHub Advisory Database May 17, 2022
Reviewed Jan 12, 2024
Last updated Nov 21, 2024

Severity

Moderate

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(80th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2012-5482

GHSA ID

GHSA-vwr9-9f8v-vp5m

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.