CVE-2013-4354

Sažetak

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

Reference

http://www.openwall.com/lists/oss-security/2013/09/19/2
http://www.openwall.com/lists/oss-security/2013/09/19/3
https://bugs.launchpad.net/glance/+bug/1226078

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

25-11-2013 - 16:42

Objavljeno

23-11-2013 - 17:55