CVE-2012-4573

OpenStack: Glance Authentication bypass for image deletion

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.

La API v1 en OpenStack Vistazo Grizzly, Folsom (2.012,2) y Essex (2012.1) permite a usuarios autenticados remotamente borrar imágenes de su elección no protegidas a través de una solicitud de eliminación de imágenes, una vulnerabilidad diferente a CVE-2012-5482.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

High

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-08-21 CVE Reserved
2012-11-11 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (19)

URL	Tag	Source
http://osvdb.org/87248	Vdb Entry
http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html	X_refsource_misc
http://www.openwall.com/lists/oss-security/2012/11/07/6	Mailing List
http://www.openwall.com/lists/oss-security/2012/11/09/5	Mailing List
http://www.securityfocus.com/bid/56437	Vdb Entry
https://bugs.launchpad.net/glance/+bug/1065187	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/79895	Vdb Entry
https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc	X_refsource_confirm
https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d	2017-08-29

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html	2017-08-29
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html	2017-08-29
http://rhn.redhat.com/errata/RHSA-2012-1558.html	2017-08-29
http://secunia.com/advisories/51174	2017-08-29
http://secunia.com/advisories/51234	2017-08-29
http://www.ubuntu.com/usn/USN-1626-1	2017-08-29
http://www.ubuntu.com/usn/USN-1626-2	2017-08-29
https://access.redhat.com/security/cve/CVE-2012-4573	2012-12-10
https://bugzilla.redhat.com/show_bug.cgi?id=872302	2012-12-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Essex Search vendor "Openstack" for product "Essex"				2012.1 Search vendor "Openstack" for product "Essex" and version "2012.1"		-		Affected
Openstack Search vendor "Openstack"		Folsom Search vendor "Openstack" for product "Folsom"				2012.2 Search vendor "Openstack" for product "Folsom" and version "2012.2"		-		Affected
Openstack Search vendor "Openstack"		Image Registry And Delivery Service \(glance\) Search vendor "Openstack" for product "Image Registry And Delivery Service \(glance\)"				-		-		Affected