OpenStack Glance 25.0.0.0 Beta 2

CPE Details

OpenStack Glance 25.0.0.0 Beta 2
openstack
glance
25.0.0.0
2023-02-02
19h32 +00:00
2023-03-03
15h15 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openstack:glance:25.0.0.0:beta2:*:*:*:*:*:*

Informations

Vendor

openstack

Product

glance

Version

25.0.0.0

Update

beta2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-32498 2024-07-04 22h00 +00:00 An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
6.5
Medium
CVE-2022-4134 2023-03-06 00h00 +00:00 A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
2.8
Low
CVE-2016-8611 2018-07-31 18h00 +00:00 A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.
6.5
Medium
CVE-2017-7200 2017-03-21 05h21 +00:00 An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.
5.8
Medium
CVE-2015-3289 2015-08-14 16h00 +00:00 OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.
4
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.