CVE-2013-4428: Improper Access Control

October 26, 2013 (updated November 15, 2018)

When the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.

References

bugs.launchpad.net/glance/+bug/1235378
github.com/openstack/glance/commit/a50bfb

Detect and mitigate CVE-2013-4428 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →