CVE 2012-4573
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
Related bugs and status
CVE-2012-4573 (Candidate) is related to these bugs:
Bug #1056420: nosetest options cause no such option errors
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1056420 | nosetest options cause no such option errors | Glance | Low | Fix Released | ||
| 1056420 | nosetest options cause no such option errors | Glance folsom | Low | Fix Released | ||
| 1056420 | nosetest options cause no such option errors | glance (Ubuntu) | Undecided | Fix Released | ||
| 1056420 | nosetest options cause no such option errors | glance (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1056420 | nosetest options cause no such option errors | Glance grizzly | Low | Fix Released | ||
Bug #1057322: Image fails to upload to swift: TypeError: object of type 'CooperativeReader' has no len(
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1057322 | Image fails to upload to swift: TypeError: object of type 'CooperativeReader' has no len( | glance (Ubuntu) | High | Fix Released | ||
| 1057322 | Image fails to upload to swift: TypeError: object of type 'CooperativeReader' has no len( | Glance | High | Fix Released | ||
| 1057322 | Image fails to upload to swift: TypeError: object of type 'CooperativeReader' has no len( | Ubuntu Cloud Archive | High | Fix Released | ||
| 1057322 | Image fails to upload to swift: TypeError: object of type 'CooperativeReader' has no len( | Glance folsom | High | Fix Released | ||
| 1057322 | Image fails to upload to swift: TypeError: object of type 'CooperativeReader' has no len( | glance (Ubuntu Quantal) | High | Fix Released | ||
| 1057322 | Image fails to upload to swift: TypeError: object of type 'CooperativeReader' has no len( | Glance grizzly | High | Fix Released | ||
Bug #1059634: Badly named stable/folsom Glance tarballs
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1059634 | Badly named stable/folsom Glance tarballs | OpenStack Core Infrastructure | High | Fix Released | ||
| 1059634 | Badly named stable/folsom Glance tarballs | oslo-incubator | High | Fix Released | ||
| 1059634 | Badly named stable/folsom Glance tarballs | Glance | Undecided | Invalid | ||
| 1059634 | Badly named stable/folsom Glance tarballs | Glance folsom | High | Fix Released | ||
| 1059634 | Badly named stable/folsom Glance tarballs | glance (Ubuntu) | Undecided | Fix Released | ||
| 1059634 | Badly named stable/folsom Glance tarballs | glance (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1059634 | Badly named stable/folsom Glance tarballs | oslo-incubator grizzly | High | Fix Released | ||
Bug #1060930: Admin can update metadata of a deleted image
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1060930 | Admin can update metadata of a deleted image | Glance | Medium | Fix Released | ||
| 1060930 | Admin can update metadata of a deleted image | Glance folsom | Medium | Fix Released | ||
| 1060930 | Admin can update metadata of a deleted image | glance (Ubuntu) | Undecided | Fix Released | ||
| 1060930 | Admin can update metadata of a deleted image | glance (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1060930 | Admin can update metadata of a deleted image | Glance grizzly | Medium | Fix Released | ||
Bug #1060944: v1 API returns 200 OK when an admin deletes a deleted image
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1060944 | v1 API returns 200 OK when an admin deletes a deleted image | Glance | Medium | Fix Released | ||
| 1060944 | v1 API returns 200 OK when an admin deletes a deleted image | Glance folsom | Medium | Fix Released | ||
| 1060944 | v1 API returns 200 OK when an admin deletes a deleted image | glance (Ubuntu) | Undecided | Fix Released | ||
| 1060944 | v1 API returns 200 OK when an admin deletes a deleted image | glance (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1060944 | v1 API returns 200 OK when an admin deletes a deleted image | Glance grizzly | Medium | Fix Released | ||
Bug #1065187: [OSSA-2012-017] Non-admin users can cause public glance images to be deleted
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1065187 | [OSSA-2012-017] Non-admin users can cause public glance images to be deleted | Glance | Critical | Fix Released | ||
| 1065187 | [OSSA-2012-017] Non-admin users can cause public glance images to be deleted | Glance folsom | Critical | Fix Released | ||
| 1065187 | [OSSA-2012-017] Non-admin users can cause public glance images to be deleted | Glance essex | Critical | Fix Committed | ||
| 1065187 | [OSSA-2012-017] Non-admin users can cause public glance images to be deleted | glance (Ubuntu) | Undecided | Fix Released | ||
| 1065187 | [OSSA-2012-017] Non-admin users can cause public glance images to be deleted | glance (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1065187 | [OSSA-2012-017] Non-admin users can cause public glance images to be deleted | Glance grizzly | Critical | Fix Released | ||
| 1065187 | [OSSA-2012-017] Non-admin users can cause public glance images to be deleted | OpenStack Security Advisory | Undecided | Fix Released | ||
Bug #1065758: No exclude option to skip tests in run_tests.sh
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1065758 | No exclude option to skip tests in run_tests.sh | Glance | Low | Fix Released | ||
| 1065758 | No exclude option to skip tests in run_tests.sh | Glance folsom | Low | Fix Released | ||
| 1065758 | No exclude option to skip tests in run_tests.sh | glance (Ubuntu) | Undecided | Fix Released | ||
| 1065758 | No exclude option to skip tests in run_tests.sh | glance (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1065758 | No exclude option to skip tests in run_tests.sh | Glance grizzly | Low | Fix Released | ||
Bug #1071446: admins can see deleted images in v2 api
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1071446 | admins can see deleted images in v2 api | Glance | Medium | Fix Released | ||
| 1071446 | admins can see deleted images in v2 api | Glance folsom | Medium | Fix Released | ||
| 1071446 | admins can see deleted images in v2 api | glance (Ubuntu) | Undecided | Fix Released | ||
| 1071446 | admins can see deleted images in v2 api | glance (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1071446 | admins can see deleted images in v2 api | Glance grizzly | Medium | Fix Released | ||
Bug #1073569: Jenkins jobs fail because of incompatibility between sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1
Bug #1075580: Glance image-delete HTTPInternalServerError HTTP 500
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1075580 | Glance image-delete HTTPInternalServerError HTTP 500 | Glance | Undecided | Fix Released | ||
| 1075580 | Glance image-delete HTTPInternalServerError HTTP 500 | Glance folsom | Medium | Fix Released | ||
| 1075580 | Glance image-delete HTTPInternalServerError HTTP 500 | glance (Ubuntu) | Undecided | Fix Released | ||
| 1075580 | Glance image-delete HTTPInternalServerError HTTP 500 | glance (Ubuntu Quantal) | Undecided | Fix Released | ||
| 1075580 | Glance image-delete HTTPInternalServerError HTTP 500 | Glance grizzly | Undecided | Fix Released | ||
Bug #1085255: Meta bug for tracking Openstack 2012.2.1 Stable Update
Bug #1089488: Meta bug for tracking Openstack Stable Updates
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | glance (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
