SSRF Vulnerability in OpenStack Glance Image Service
CVE-2017-7200
5.8 MEDIUM
Summary
An SSRF vulnerability in the OpenStack Glance Image Service prior to the Newton release affects the 'copy_from' feature in the v1 API. By crafting a request with a URL such as 'http://localhost:22', attackers can carry out masked network port scans: the connections appear to originate from the Glance service itself, which obscures the attacker's identity. This could expose sensitive internal network details to malicious actors.
References
CVSS V3.1
Score: 5.8
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved