The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Image_registry_and_delivery_service_(glance) | Openstack | - | - |
Essex | Openstack | 2012.1 | 2012.1 |
Folsom | Openstack | 2012.2 | 2012.2 |