{"id":"PYSEC-2012-29","details":"The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.","aliases":["CVE-2012-4573","GHSA-6rrm-xxvh-7r87"],"modified":"2026-06-10T17:01:19.825100252Z","published":"2012-11-11T13:00:00Z","withdrawn":"2024-11-22T04:37:04Z","references":[{"type":"FIX","url":"https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"},{"type":"WEB","url":"http://www.securityfocus.com/bid/56437"},{"type":"FIX","url":"https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/11/09/5"},{"type":"WEB","url":"https://bugs.launchpad.net/glance/+bug/1065187"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/11/07/6"},{"type":"ADVISORY","url":"http://secunia.com/advisories/51234"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"},{"type":"FIX","url":"https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"},{"type":"ADVISORY","url":"http://secunia.com/advisories/51174"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-1626-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-1626-2"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2012-1558.html"},{"type":"WEB","url":"http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"},{"type":"WEB","url":"http://osvdb.org/87248"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-6rrm-xxvh-7r87"}],"affected":[{"package":{"name":"glance","ecosystem":"PyPI","purl":"pkg:pypi/glance"},"ranges":[{"type":"GIT","repo":"https://github.com/openstack/glance","events":[{"introduced":"0"},{"fixed":"90bcdc5a89e350a358cf320a03f5afe99795f6f6"},{"fixed":"efd7e75b1f419a52c7103c7840e24af8e5deb29d"},{"fixed":"6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["15.0.2","17.0.1","18.0.0","18.0.0.0b1","18.0.0.0rc1","18.0.1","19.0.0","19.0.0.0b1","19.0.0.0rc1","19.0.0.0rc2","19.0.1","19.0.2","19.0.3","19.0.4","20.0.0","20.0.0.0b1","20.0.0.0b2","20.0.0.0b3","20.0.0.0rc1","20.0.0.0rc2","20.0.1","20.1.0","20.2.0","21.0.0","21.0.0.0b1","21.0.0.0b2","21.0.0.0rc1","21.0.0.0rc2","21.1.0","22.0.0","22.0.0.0b2","22.0.0.0b3","22.0.0.0rc1","22.1.0","22.1.1","23.0.0","23.0.0.0b2","23.0.0.0b3","23.0.0.0rc1","23.0.0.0rc2","23.1.0","24.0.0","24.0.0.0rc1","24.1.0","24.2.0","24.2.1","25.0.0","25.0.0.0b2","25.0.0.0b3","25.0.0.0rc1","25.1.0","26.0.0","26.0.0.0b2","26.0.0.0b3","26.0.0.0rc1","26.1.0","27.0.0","27.0.0.0b1","27.0.0.0b2","27.0.0.0rc1","27.1.0","27.1.1","28.0.0","28.0.0.0b2","28.0.0.0rc1","28.0.1","28.1.0","28.2.0","29.0.0","29.0.0.0b1","29.0.0.0b2","29.0.0.0b3","29.0.0.0rc1","29.1.0","29.2.0","29.2.1","30.0.0","30.0.0.0b2","30.0.0.0rc1","30.1.0","30.2.0","31.0.0","31.0.0.0b2","31.0.0.0rc1","31.1.0","32.0.0","32.0.0.0b2","32.0.0.0rc1","32.0.0.0rc2","folsom-rc3","2012.2","folsom-rc2","folsom-rc1","folsom-3","2012.1.2","folsom-2","2012.1.1","essex-rc3","2012.1","essex-rc2","essex-rc1","essex-3","essex-1","2011.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/glance/PYSEC-2012-29.yaml"}}],"schema_version":"1.7.5"}