274 matches found
Arbitrary Code Execution
openstack-glance is vulnerable to arbitrary code execution attacks. The vulnerability exists as the Sheepdog backend in OpenStack Image Registry and Delivery Service Glance 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modif...
Bypass Access Restriction
The openstack-glance package is vulnerable to access restriction bypass. When Glance downloadimage policy is enforced for cached system images, it allows an authenticated user to guess the image by its UUID and download that image,against the downloadimage policy. It only affects the setups makin...
Information Disclosure
openStack-glance is vulnerable to information disclosure. When an error occurs during new image creation in single tenant mode, the endpoint logs usernames and passwords in plaintext. An authenticated user would be able to obtain credentials and gain access to the endpoint as an administrator...
Information Disclosure
openstack-glance is vulnerable to information disclosure. A flaw in the way certain image requests are handled allowed an authenticated user to obtain Glance's OpenStack Swift or Amazon S3 credentials...
Authorization Bypass
openstack-glance is vulnerable to authorization bypass. The API allows remote authenticated users are able to delete arbitrary, non-protected images from Glance servers via an image deletion request...
CVE-2016-8611
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...
UBUNTU-CVE-2016-8611
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...
CVE-2016-8611
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...
DEBIAN-CVE-2016-8611
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...
CVE-2016-8611
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...
CVE-2016-8611
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...
PT-2018-5031 · Openstack +1 · Openstack Glance +1
Name of the Vulnerable Software and Affected Versions: Openstack Glance affected versions not specified Description: A vulnerability was found in Openstack Glance where no limits are enforced within the Glance image service for both v1 and v2 "/images" API POST method for authenticated users. Thi...
Security Bulletin: IBM PowerVC is impacted by OpenStack Glance server-side request forgery (CVE-2017-7200)
Summary IBM PowerVC may disclose some sensitive information while creating images with 'copyfrom' feature in the v1 Image Service API. Vulnerability Details CVEID: CVE-2017-7200 DESCRIPTION: OpenStack Glance is vulnerable to server-side request forgery, caused by a flaw in the 'copyfrom' feature ...
Ubuntu 14.04 LTS : OpenStack Glance vulnerabilities (USN-3446-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3446-1 advisory. Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change th...
Ubuntu: Security Advisory (USN-3446-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3446-1: OpenStack Glance vulnerabilities
Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change the status of images, contrary to access restrictions. CVE-2015-5251 Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly...
SUSE-SU-2017:2628-1 Security update for openstack-glance
This update for openstack-glance fixes the following issues: - Restrict imagelocation metadata When showmultiplelocations is enabled in Glance, any user can rewrite the metadata information for locations, causing a security breach. bsc1023507...
CVE-2016-4383
An immutability flaw was discovered in openstack-glance, where the glance-manage DB allows deleted image IDs to be reassigned. The flaw could be exploited to allow remote authenticated users to cause other users to boot into a malicious image without knowing it. Mitigation For this flaw to be...
CVE-2016-4383
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...
CVE-2016-4383
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...