CVE-2013-4354 Information

Description

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

Reference

http://www.openwall.com/lists/oss-security/2013/09/19/2 http://www.openwall.com/lists/oss-security/2013/09/19/3 https://bugs.launchpad.net/glance/+bug/1226078