3 matches found
CVE-2022-47951
CVE-2022-47951 affects OpenStack components (Cinder, Glance, Nova): by supplying a specially crafted VMDK flat image referencing a backing file path, an authenticated user could cause the server to return the contents of that backing file, enabling unauthorized data access. Affected ranges: Cinde...
CVE-2017-7200
OpenStack Glance before Newton is affected by CVE-2017-7200: an SSRF via the copy_from feature in API v1 lets an attacker create images with a URL like http://localhost:22, enabling masked network port scans and potential internal network enumeration originating from the Glance service. The vulne...
CVE-2015-8234
The CVE-2015-8234 entry concerns OpenStack Glance 11.0.0, where the image signature verification can be bypassed by processing a crafted image. The underlying issue is tied to an MD5 collision in the image signature algorithm, enabling remote attackers to bypass verification. The available connec...