OSSA-2012-017: Authentication bypass for image deletion


November 07, 2012


CVE-2012-4573, CVE-2012-5482


  • Glance: Essex, Folsom, Grizzly


Gabe Westmaas from Rackspace reported a vulnerability in how Glance authenticates image deletion requests. Authenticated users may be able to delete arbitrary, non-protected images from Glance servers. Only Folsom/Grizzly deployments that expose the v1 API are affected by this vulnerability. Essex deployments that use the delayed_delete option are also affected.


  • Gabe Westmaas from Rackspace (CVE-2012-4573, CVE-2012-5482)

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License.