20 matches found
OpenStack Glance Security Vulnerability
OpenStack Glance is an open-source service for storing and managing virtual machine images within OpenStack. Vulnerabilities exist in versions of OpenStack Glance prior to 29.1.1, as well as versions from 30.0.0 to 30.1.1 and 31.0.0. These vulnerabilities stem from URL validation checks that can ...
EUVD-2013-0043
Malware in sbrugna...
EUVD-2022-2682
Malicious code in bioql PyPI...
CVE-2022-25937
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in CVE-2018-3715...
PT-2025-7194
Name of the Vulnerable Software and Affected Versions: Glance That versions n/a through 4.9. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended actions on a web...
SUSE CVE-2013-0212
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, which allows remote authenticated users to obtain sensitive...
Path Traversal
glance is vulnerable to Path Traversal. The vulnerability exists because the library does not properly sanitize relative paths in index.js, allowing an attacker to read files outside the public root directory by providing malicious relative paths...
glance Path Traversal Vulnerability
glance is a dictionary visualization repository open-sourced by nlpweb. A security vulnerability exists in versions prior to glance 3.0.9 that stems from the presence of a directory traversal that allows users to read files outside of the public root directory...
Directory Traversal
Overview: glance is a quick disposable HTTP server for static files. Affected versions of this package are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in CVE-2018-3715. PoC: Run...
GHSA-J4MH-9WQ6-8RG6 OpenStack Glance Bypass the storage quota and Denial of service
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state...
uncanny (>=0.2.0 <=0.2.3) potentially affected by unknown CVE via glance (>=0.2.7 <=1.0.0)
glance NPM version =0.2.7, =0.2.0, =0.2.3 Source cves: unknown CVE Source advisory: OSV:GHSA-VW7G-JQ9M-3Q9V...
Information Disclosure
glance is vulnerable to information disclosure. A remote attacker is able to access and retrieve arbitrary files in a dot directory within the web server directory via URIs such as /.git/HEAD or /.got/logs/HEAD...
CVE-2015-8234
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision...
PT-2016-4404 · Openstack +1 · Openstack Image Service +1
Name of the Vulnerable Software and Affected Versions: OpenStack Image Service (Glance) versions prior to 2015.1.3 (kilo); OpenStack Image Service (Glance) versions 11.0.x prior to 11.0.2 (liberty). Description: The issue allows remote authenticated users to tamper with images, potentially compromising the...
openstack-glance: Glance image status manipulation through locations
An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to...
CVE-2014-9623
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state...
Ubuntu 13.10 : glance vulnerability (USN-2193-1)
Paul McMillan discovered that the Sheepdog backend in OpenStack Glance did not properly handle untrusted input. A remote authenticated attacker could exploit this to execute arbitrary commands as the glance user. Note that Tenable Network Security has extracted the preceding description block directly...
PT-2014-3508 · Openstack · Openstack Image Registry/Delivery Service
Name of the Vulnerable Software and Affected Versions: OpenStack Image Registry and Delivery Service (Glance) versions 2013.2 before 2013.2.4; OpenStack Image Registry and Delivery Service (Glance) versions icehouse before icehouse-rc2. Description: The issue allows remote authenticated users with...
Ubuntu 12.10 / 13.04 : glance vulnerability (USN-2003-1)
Stuart McLaren discovered that Glance did not properly enforce the 'download_image' policy for cached images. An authenticated user could exploit this to obtain sensitive information in an image protected by this setting. Note that Tenable Network Security has extracted the preceding description...
Ubuntu 11.10 / 12.04 LTS / 12.10 : glance vulnerability (USN-1710-1)
Dan Prince discovered an issue in Glance error reporting. An authenticated attacker could exploit this to expose the Glance operator's Swift credentials for a misconfigured or otherwise unusable Swift endpoint. Note that Tenable Network Security has extracted the preceding description block...