RHEL 6 : openstack-glance (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openstack-glance: API v1 copyfrom reveals network details CVE-2017-7200 - A vulnerability was found in...

RHEL 6 : openstack-glance (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openstack-glance: API v1 copyfrom reveals network details CVE-2017-7200 - A vulnerability was found in...

RHEL 9 : Red Hat OpenStack Platform 17.0 (openstack-glance) (RHSA-2023:1017)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1017 advisory. OpenStack Image Service code-named Glance provides discovery,registration, and delivery services for virtual disk images. The Image Service API serve...

Important: Red Hat Security Advisory: Synopsis: Red Hat OpenStack Platform (openstack-glance) security update

An update for openstack-glance is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

CVE-2022-4134

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...

CVE-2022-4134

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...

CVE-2022-4134

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...

CVE-2022-4134

CVE-2022-4134 affects OpenStack Glance. A flaw allows a remote, authenticated attacker to tamper with uploaded images, compromising the integrity of virtual machines created from those images. The available sources describe the vulnerable component as openstack-glance and confirm the impact is im...

SUSE CVE-2022-4134

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...

CVE-2022-4134

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. Mitigation There are two options: 1. Manually disable the showmultiplelocations configuration...

Authorization Bypass

openstack-glance is vulnerable to authorization bypass. An authorization vulnerability allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw t...

Authorization Bypass

openstack-glance is vulnerable to authorization bypass. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to...

Denial Of Service (DoS)

openstack-glance is vulnerable to denial of service DoS attacks. The vulnerability exists as OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by...

Arbitrary File Read

openstack-glance is vulnerable to arbitrary file read attacks. The vulnerability exists as the V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the...

Denial Of Service (DoS)

openstack-glance is vulnerable to denial of service DoS attacks. The vulnerability exists as OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option...

Arbitrary Code Execution

openstack-glance is vulnerable to arbitrary code execution attacks. The vulnerability exists as the Sheepdog backend in OpenStack Image Registry and Delivery Service Glance 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modif...

Bypass Access Restriction

The openstack-glance package is vulnerable to access restriction bypass. When Glance downloadimage policy is enforced for cached system images, it allows an authenticated user to guess the image by its UUID and download that image,against the downloadimage policy. It only affects the setups makin...

Information Disclosure

openStack-glance is vulnerable to information disclosure. When an error occurs during new image creation in single tenant mode, the endpoint logs usernames and passwords in plaintext. An authenticated user would be able to obtain credentials and gain access to the endpoint as an administrator...

CVE-2016-4383

An immutability flaw was discovered in openstack-glance, where the glance-manage DB allows deleted image IDs to be reassigned. The flaw could be exploited to allow remote authenticated users to cause other users to boot into a malicious image without knowing it. Mitigation For this flaw to be...

Fedora 23 : openstack-glance-2015.1.2-1.fc23 (2015-66439aa9e2)

Update to upstream 2015.1.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...