CVE - CVE-2012-5482

CVE-ID
CVE-2012-5482	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:56437 URL:http://www.securityfocus.com/bid/56437 CONFIRM:https://bugs.launchpad.net/glance/+bug/1076506 CONFIRM:https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88 CONFIRM:https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3 FEDORA:FEDORA-2012-17901 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html MLIST:[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) URL:http://www.openwall.com/lists/oss-security/2012/11/07/6 MLIST:[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) URL:http://www.openwall.com/lists/oss-security/2012/11/08/2 MLIST:[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) URL:http://www.openwall.com/lists/oss-security/2012/11/09/1 MLIST:[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1 URL:http://www.openwall.com/lists/oss-security/2012/11/09/5 OSVDB:87248 URL:~~http://osvdb.org/87248~~ (Obsolete source) SECUNIA:51174 URL:http://secunia.com/advisories/51174 SUSE:SUSE-SU-2012:1455 URL:http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html XF:glance-v2api-security-bypass(80019) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/80019
Assigning CNA
Red Hat, Inc.
Date Record Created
20121024	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20121024)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)