{"id":"CVE-2013-4428","details":"OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.","modified":"2026-04-10T03:44:30.160778Z","published":"2013-10-27T00:55:03Z","references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-1525.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2013/10/15/8"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2013/10/16/9"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/63159"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2003-1"},{"type":"ADVISORY","url":"https://bugs.launchpad.net/glance/+bug/1235226"},{"type":"ADVISORY","url":"https://bugs.launchpad.net/glance/+bug/1235378"},{"type":"ADVISORY","url":"https://launchpad.net/glance/+milestone/2013.1.4"},{"type":"ADVISORY","url":"https://launchpad.net/glance/+milestone/2013.2"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2013/10/15/8"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2013/10/16/9"},{"type":"EVIDENCE","url":"https://bugs.launchpad.net/glance/+bug/1235226"},{"type":"EVIDENCE","url":"https://bugs.launchpad.net/glance/+bug/1235378"},{"type":"FIX","url":"https://launchpad.net/glance/+milestone/2013.1.4"},{"type":"FIX","url":"https://launchpad.net/glance/+milestone/2013.2"}],"schema_version":"1.7.5"}