{"id":"PYSEC-2012-30","details":"The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.","modified":"2025-10-09T05:18:46.562468Z","published":"2012-11-11T13:00:00Z","withdrawn":"2024-11-22T04:37:04Z","references":[{"type":"WEB","url":"https://bugs.launchpad.net/glance/+bug/1076506"},{"type":"FIX","url":"https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"},{"type":"WEB","url":"http://www.securityfocus.com/bid/56437"},{"type":"FIX","url":"https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/11/08/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/11/09/1"},{"type":"ADVISORY","url":"http://secunia.com/advisories/51174"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/11/09/5"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/11/07/6"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"},{"type":"WEB","url":"http://osvdb.org/87248"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"}],"affected":[{"package":{"name":"glance","ecosystem":"PyPI","purl":"pkg:pypi/glance"},"ranges":[{"type":"GIT","repo":"https://github.com/openstack/glance","events":[{"introduced":"0"},{"fixed":"fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"},{"fixed":"b591304b8980d8aca8fa6cda9ea1621aca000c88"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["15.0.2","17.0.1","18.0.0","18.0.0.0b1","18.0.0.0rc1","18.0.1","19.0.0","19.0.0.0b1","19.0.0.0rc1","19.0.0.0rc2","19.0.1","19.0.2","19.0.3","19.0.4","20.0.0","20.0.0.0b1","20.0.0.0b2","20.0.0.0b3","20.0.0.0rc1","20.0.0.0rc2","20.0.1","20.1.0","20.2.0","21.0.0","21.0.0.0b1","21.0.0.0b2","21.0.0.0rc1","21.0.0.0rc2","21.1.0","22.0.0","22.0.0.0b2","22.0.0.0b3","22.0.0.0rc1","22.1.0","22.1.1","23.0.0","23.0.0.0b2","23.0.0.0b3","23.0.0.0rc1","23.0.0.0rc2","23.1.0","24.0.0","24.0.0.0rc1","24.1.0","24.2.0","24.2.1","25.0.0","25.0.0.0b2","25.0.0.0b3","25.0.0.0rc1","25.1.0","26.0.0","26.0.0.0b2","26.0.0.0b3","26.0.0.0rc1","26.1.0","27.0.0","27.0.0.0b1","27.0.0.0b2","27.0.0.0rc1","27.1.0","28.0.0","28.0.0.0b2","28.0.0.0rc1","28.0.1","28.1.0","29.0.0","29.0.0.0b1","29.0.0.0b2","29.0.0.0b3","29.0.0.0rc1","27.1.1","30.0.0","30.0.0.0b2","30.0.0.0rc1","31.0.0","31.0.0.0rc1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/glance/PYSEC-2012-30.yaml"}}],"schema_version":"1.7.3"}