CVE-2013-4428 — LOW (3.5) — White Hats Nepal

Q: How severe is CVE-2013-4428?

CVE-2013-4428 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-4428?

Check the references section above for vendor advisories and patch information. Affected products include: Openstack Glance, Canonical Ubuntu Linux.

Vulnerability Description

OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.

CVSS Score

3.5

LOW

AV:N/AC:M/Au:S/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Openstack	Glance	>= 2012.2, <= 2012.2.4
Canonical	Ubuntu Linux	12.10

Related Weaknesses (CWE)

CWE-264

References

http://rhn.redhat.com/errata/RHSA-2013-1525.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2013/10/15/8Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2013/10/16/9Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/63159Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2003-1Third Party Advisory
https://bugs.launchpad.net/glance/+bug/1235226ExploitThird Party Advisory
https://bugs.launchpad.net/glance/+bug/1235378ExploitThird Party Advisory
https://launchpad.net/glance/+milestone/2013.1.4PatchThird Party Advisory
https://launchpad.net/glance/+milestone/2013.2PatchThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1525.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2013/10/15/8Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2013/10/16/9Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/63159Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2003-1Third Party Advisory
https://bugs.launchpad.net/glance/+bug/1235226ExploitThird Party Advisory

FAQ

What is CVE-2013-4428?

CVE-2013-4428 is a vulnerability with a CVSS score of 3.5 (LOW). OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cac...

How severe is CVE-2013-4428?

CVE-2013-4428 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4428?

Check the references section above for vendor advisories and patch information. Affected products include: Openstack Glance, Canonical Ubuntu Linux.