Vulnerability Description
The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Image Registry And Delivery Service \(Glance\) | - |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2013/09/19/2
- http://www.openwall.com/lists/oss-security/2013/09/19/3
- https://bugs.launchpad.net/glance/+bug/1226078
- http://www.openwall.com/lists/oss-security/2013/09/19/2
- http://www.openwall.com/lists/oss-security/2013/09/19/3
- https://bugs.launchpad.net/glance/+bug/1226078
FAQ
What is CVE-2013-4354?
CVE-2013-4354 is a vulnerability with a CVSS score of 2.1 (LOW). The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.
How severe is CVE-2013-4354?
CVE-2013-4354 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4354?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Image Registry And Delivery Service \(Glance\).