CVE-2012-5482 - Vulnerability Details

The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01403.

Key SSVC decision points have not yet been added.

Vendors	Products
Openstack	Essex Folsom Image Registry And Delivery Service \(glance\)

Configuration 1 [-]

OR	cpe:2.3:a:openstack:essex:2012.1:::::::*
	cpe:2.3:a:openstack:folsom:2012.2:::::::*
	cpe:2.3:a:openstack:image_registry_and_delivery_service_\(glance\):-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2012-0040	The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
Github GHSA	GHSA-vwr9-9f8v-vp5m	OpenStack Glance arbitrary deletion of non-protected images

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html
http://osvdb.org/87248
http://secunia.com/advisories/51174
http://www.openwall.com/lists/oss-security/2012/11/07/6
http://www.openwall.com/lists/oss-security/2012/11/08/2
http://www.openwall.com/lists/oss-security/2012/11/09/1
http://www.openwall.com/lists/oss-security/2012/11/09/5
http://www.securityfocus.com/bid/56437
https://bugs.launchpad.net/glance/+bug/1076506
https://exchange.xforce.ibmcloud.com/vulnerabilities/80019
https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88
https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-11-11T11:00:00

Updated: 2024-08-06T21:05:47.269Z

Reserved: 2012-10-24T00:00:00

Link: CVE-2012-5482

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-11-11T13:00:59.620

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-5482

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object