CVE-2013-4354

high

Description

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

References

https://bugs.launchpad.net/glance/+bug/1226078

http://www.openwall.com/lists/oss-security/2013/09/19/3

http://www.openwall.com/lists/oss-security/2013/09/19/2

Details

Source: Mitre, NVD

Published: 2013-11-23

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.0006

Detections

Analytics