12 matches found
CVE-2022-47951
CVE-2022-47951 affects OpenStack components (Cinder, Glance, Nova): by supplying a specially crafted VMDK flat image referencing a backing file path, an authenticated user could cause the server to return the contents of that backing file, enabling unauthorized data access. Affected ranges: Cinde...
CVE-2024-32498
CVE-2024-32498 affects OpenStack components: Cinder (up to 24.0.0), Glance (up to 28.0.2), and Nova (up to 29.0.3). The issue allows arbitrary file access via a crafted QCOW2 external data reference; an authenticated user can cause the server to return contents of a sensitive file by referencing ...
CVE-2015-5162
CVE-2015-5162 affects OpenStack components OpenStack Cinder, Glance, and Nova where the image parser does not properly limit qemu-img calls. This can allow an unprivileged user to trigger a denial of service through crafted disk images, consuming RAM and disk space on the compute host. Affected v...
CVE-2022-4134
CVE-2022-4134 affects OpenStack Glance. A flaw allows a remote, authenticated attacker to tamper with uploaded images, compromising the integrity of virtual machines created from those images. The available sources describe the vulnerable component as openstack-glance and confirm the impact is im...
CVE-2013-1840
CVE-2013-1840 affects the OpenStack Glance v1 API (Essex, Folsom, Grizzly) when using the single-tenant Swift or S3 store. The vulnerability arises because the location header can leak the operator’s backend credentials to remote authenticated users who request a cached image. Impact is informati...
CVE-2017-7200
OpenStack Glance before Newton is affected by CVE-2017-7200: an SSRF via the copy_from feature in API v1 lets an attacker create images with a URL like http://localhost:22, enabling masked network port scans and potential internal network enumeration originating from the Glance service. The vulne...
CVE-2013-4428
CVE-2013-4428 affects the OpenStack Image Registry and Delivery Service (Glance) in the Folsom/Grizzly line before 2013.1.4 and Havana before 2013.2. The issue is a flaw in the download_image policy enforcement for cached system images: after an image is cached by an authorized download, any auth...
CVE-2015-5163
OpenStack Glance is affected by CVE-2015-5163 in the 2015.1.x line prior to 2015.1.2 (kilo). The V2 API allows remote authenticated users to read arbitrary files via a crafted qcow2 backing file during image import. The issue arises from how a backing file is processed and file content is read, e...
CVE-2016-8611
CVE-2016-8611 affects OpenStack Glance image service (v1/v2) where the /images POST API could saturate the database due to no request limits for authenticated users, enabling possible DoS. Public references in Nessus/Red Hat advisories align with the issue. A later SUSE/CROWBAR-related update (SU...
CVE-2015-3289
OpenStack Glance prior to 2015.1.1 (kilo) is affected. Affected component: Glance’s image import task flow API. Root cause: remote authenticated users can repeatedly invoke the import task flow API to create images and then delete them, leading to denial of service via disk consumption. Impact: d...
CVE-2026-34881
OpenStack Glance SSRF (CVE-2026-34881) affects Glance versions before 29.1.1, 30.x before 30.1.1, and 31.0.0. The vulnerability allows an authenticated user to bypass URL validation via HTTP redirects, enabling access to internal services through the web-download and glance-download image import ...
CVE-2015-8234
The CVE-2015-8234 entry concerns OpenStack Glance 11.0.0, where the image signature verification can be bypassed by processing a crafted image. The underlying issue is tied to an MD5 collision in the image signature algorithm, enabling remote attackers to bypass verification. The available connec...