CVE - CVE-2012-4573

CVE-ID
CVE-2012-4573	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:51174 URL:http://secunia.com/advisories/51174 MISC:51234 URL:http://secunia.com/advisories/51234 MISC:56437 URL:http://www.securityfocus.com/bid/56437 MISC:87248 URL:~~http://osvdb.org/87248~~ (Obsolete source) MISC:FEDORA-2012-17901 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html MISC:RHSA-2012:1558 URL:http://rhn.redhat.com/errata/RHSA-2012-1558.html MISC:SUSE-SU-2012:1455 URL:http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html MISC:USN-1626-1 URL:http://www.ubuntu.com/usn/USN-1626-1 MISC:USN-1626-2 URL:http://www.ubuntu.com/usn/USN-1626-2 MISC:[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) URL:http://www.openwall.com/lists/oss-security/2012/11/07/6 MISC:[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1 URL:http://www.openwall.com/lists/oss-security/2012/11/09/5 MISC:http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html URL:http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html MISC:https://bugs.launchpad.net/glance/+bug/1065187 URL:https://bugs.launchpad.net/glance/+bug/1065187 MISC:https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc URL:https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc MISC:https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6 URL:https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6 MISC:https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d URL:https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d MISC:openstack-glance-sec-bypass(79895) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79895
Assigning CNA
Red Hat, Inc.
Date Record Created
20120821	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120821)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.