Lucene search
K

5 matches found

CVE
CVE
added 2023/01/26 12:0 a.m.141 views

CVE-2022-47951

CVE-2022-47951 affects OpenStack components (Cinder, Glance, Nova): by supplying a specially crafted VMDK flat image referencing a backing file path, an authenticated user could cause the server to return the contents of that backing file, enabling unauthorized data access. Affected ranges: Cinde...

5.7CVSS5.1AI score0.01025EPSS
CVE
CVE
added 2024/07/05 12:0 a.m.109 views

CVE-2024-32498

CVE-2024-32498 affects OpenStack components: Cinder (up to 24.0.0), Glance (up to 28.0.2), and Nova (up to 29.0.3). The issue allows arbitrary file access via a crafted QCOW2 external data reference; an authenticated user can cause the server to return contents of a sensitive file by referencing ...

6.5CVSS6.3AI score0.00835EPSS
CVE
CVE
added 2023/03/06 12:0 a.m.96 views

CVE-2022-4134

CVE-2022-4134 affects OpenStack Glance. A flaw allows a remote, authenticated attacker to tamper with uploaded images, compromising the integrity of virtual machines created from those images. The available sources describe the vulnerable component as openstack-glance and confirm the impact is im...

2.8CVSS3.6AI score0.00323EPSS
CVE
CVE
added 2018/07/31 8:0 p.m.64 views

CVE-2016-8611

CVE-2016-8611 affects OpenStack Glance image service (v1/v2) where the /images POST API could saturate the database due to no request limits for authenticated users, enabling possible DoS. Public references in Nessus/Red Hat advisories align with the issue. A later SUSE/CROWBAR-related update (SU...

6.5CVSS6.3AI score0.02326EPSS
CVE
CVE
added 2026/03/31 5:29 a.m.41 views

CVE-2026-34881

OpenStack Glance SSRF (CVE-2026-34881) affects Glance versions before 29.1.1, 30.x before 30.1.1, and 31.0.0. The vulnerability allows an authenticated user to bypass URL validation via HTTP redirects, enabling access to internal services through the web-download and glance-download image import ...

7.1CVSS5.9AI score0.00258EPSS