CVE-2013-4354

Description

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

How to fix CVE-2013-4354

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/glance—no fix listed

Is CVE-2013-4354 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-4354