Unrated severity · NVD Advisory · Published Oct 27, 2013 · Updated Apr 29, 2026
CVE-2013-4428
Description
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.
Affected products
- cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:* (range: >=2012.2,<=2012.2.4)
- cpe:2.3:a:openstack:glance:2013.2:milestone1:*:*:*:*:*:*
- cpe:2.3:a:openstack:glance:2013.2:milestone2:*:*:*:*:*:*
- cpe:2.3:a:openstack:glance:2013.2:milestone3:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- launchpad.net/glance/+milestone/2013.1.4 (nvd: Patch, Third Party Advisory)
- launchpad.net/glance/+milestone/2013.2 (nvd: Patch, Third Party Advisory)
- bugs.launchpad.net/glance/+bug/1235226 (nvd: Exploit, Third Party Advisory)
- bugs.launchpad.net/glance/+bug/1235378 (nvd: Exploit, Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2013-1525.html (nvd: Third Party Advisory)
- www.openwall.com/lists/oss-security/2013/10/15/8 (nvd: Mailing List, Third Party Advisory)
- www.openwall.com/lists/oss-security/2013/10/16/9 (nvd: Mailing List, Third Party Advisory)
- www.securityfocus.com/bid/63159 (nvd: Third Party Advisory, VDB Entry)
- www.ubuntu.com/usn/USN-2003-1 (nvd: Third Party Advisory)