{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2012-5482", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", "refsource" : "MLIST", "url" : "http://www.openwall.com/lists/oss-security/2012/11/07/6" }, { "name" : "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", "refsource" : "MLIST", "url" : "http://www.openwall.com/lists/oss-security/2012/11/08/2" }, { "name" : "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", "refsource" : "MLIST", "url" : "http://www.openwall.com/lists/oss-security/2012/11/09/1" }, { "name" : "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1", "refsource" : "MLIST", "url" : "http://www.openwall.com/lists/oss-security/2012/11/09/5" }, { "name" : "https://bugs.launchpad.net/glance/+bug/1076506", "refsource" : "CONFIRM", "url" : "https://bugs.launchpad.net/glance/+bug/1076506" }, { "name" : "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88", "refsource" : "CONFIRM", "url" : "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88" }, { "name" : "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3", "refsource" : "CONFIRM", "url" : "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3" }, { "name" : "FEDORA-2012-17901", "refsource" : "FEDORA", "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html" }, { "name" : "SUSE-SU-2012:1455", "refsource" : "SUSE", "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html" }, { "name" : "56437", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/56437" }, { "name" : "87248", "refsource" : "OSVDB", "url" : "http://osvdb.org/87248" }, { "name" : "51174", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/51174" }, { "name" : "glance-v2api-security-bypass(80019)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019" } ] } }