Launchpad CVE tracker

CVE 2013-4428

OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.

Related bugs and status

CVE-2013-4428 (Candidate) is related to these bugs:

Bug #1235378: [OSSA 2013-027] 'image_download' role in v2 causes traceback

		In	Importance	Status
1235378	[OSSA 2013-027] 'image_download' role in v2 causes traceback	Glance	Critical	Fix Released
1235378	[OSSA 2013-027] 'image_download' role in v2 causes traceback	OpenStack Security Advisory	Medium	Fix Released
1235378	[OSSA 2013-027] 'image_download' role in v2 causes traceback	Glance grizzly	Critical	Fix Released
1235378	[OSSA 2013-027] 'image_download' role in v2 causes traceback	Glance folsom	Undecided	Fix Committed

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securityfoc...
MISC: http://rhn.redhat.com/...
MISC: http://www.ubuntu.com/...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: https://bugs.launchpad...
MISC: https://bugs.launchpad...
MISC: https://launchpad.net/...
MISC: https://launchpad.net/...

Launchpad.net

CVE 2013-4428

Related bugs and status

Related bugs

References