12 matches found
CVE-2022-47951
CVE-2022-47951 affects OpenStack components (Cinder, Glance, Nova): by supplying a specially crafted VMDK flat image referencing a backing file path, an authenticated user could cause the server to return the contents of that backing file, enabling unauthorized data access. Affected ranges: Cinde...
CVE-2024-32498
CVE-2024-32498 affects OpenStack components: Cinder (up to 24.0.0), Glance (up to 28.0.2), and Nova (up to 29.0.3). The issue allows arbitrary file access via a crafted QCOW2 external data reference; an authenticated user can cause the server to return contents of a sensitive file by referencing ...
CVE-2015-5162
CVE-2015-5162 affects OpenStack components OpenStack Cinder, Glance, and Nova where the image parser does not properly limit qemu-img calls. This can allow an unprivileged user to trigger a denial of service through crafted disk images, consuming RAM and disk space on the compute host. Affected v...
CVE-2022-4134
CVE-2022-4134 affects OpenStack Glance. A flaw allows a remote, authenticated attacker to tamper with uploaded images, compromising the integrity of virtual machines created from those images. The available sources describe the vulnerable component as openstack-glance and confirm the impact is im...
CVE-2013-1840
CVE-2013-1840 affects the OpenStack Glance v1 API (Essex, Folsom, Grizzly) when using the single-tenant Swift or S3 store. The vulnerability arises because the location header can leak the operator’s backend credentials to remote authenticated users who request a cached image. Impact is informati...
CVE-2013-4428
CVE-2013-4428 affects the OpenStack Image Registry and Delivery Service (Glance) in the Folsom/Grizzly line before 2013.1.4 and Havana before 2013.2. The issue is a flaw in the download_image policy enforcement for cached system images: after an image is cached by an authorized download, any auth...
CVE-2015-5163
OpenStack Glance is affected by CVE-2015-5163 in the 2015.1.x line prior to 2015.1.2 (kilo). The V2 API allows remote authenticated users to read arbitrary files via a crafted qcow2 backing file during image import. The issue arises from how a backing file is processed and file content is read, e...
CVE-2017-7200
OpenStack Glance before Newton is affected by CVE-2017-7200: an SSRF via the copy_from feature in API v1 lets an attacker create images with a URL like http://localhost:22, enabling masked network port scans and potential internal network enumeration originating from the Glance service. The vulne...
CVE-2016-8611
CVE-2016-8611 affects OpenStack Glance image service (v1/v2) where the /images POST API could saturate the database due to no request limits for authenticated users, enabling possible DoS. Public references in Nessus/Red Hat advisories align with the issue. A later SUSE/CROWBAR-related update (SU...
CVE-2015-3289
OpenStack Glance prior to 2015.1.1 (kilo) is affected. Affected component: Glance’s image import task flow API. Root cause: remote authenticated users can repeatedly invoke the import task flow API to create images and then delete them, leading to denial of service via disk consumption. Impact: d...
CVE-2015-8234
The CVE-2015-8234 entry concerns OpenStack Glance 11.0.0, where the image signature verification can be bypassed by processing a crafted image. The underlying issue is tied to an MD5 collision in the image signature algorithm, enabling remote attackers to bypass verification. The available connec...
CVE-2026-34881
OpenStack Glance versions affected: =30.0.0